diff options
Diffstat (limited to 'mayor-orig/www/include/backend/ldap')
10 files changed, 1868 insertions, 0 deletions
diff --git a/mayor-orig/www/include/backend/ldap/auth/login.php b/mayor-orig/www/include/backend/ldap/auth/login.php new file mode 100644 index 00000000..2165371d --- /dev/null +++ b/mayor-orig/www/include/backend/ldap/auth/login.php @@ -0,0 +1,144 @@ +<?php +/* + Auth-LDAP + + A név-jelszó pár ellenőrzése LDAP adatbázis alapján +*/ + +/* -------------------------------------------------------------- + + Felhasználók azonosítása LDAP-ban tárolt posixAccount + osztályok alapján történik. + + A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE + konstansok valamelyikével tér vissza. (include/modules/auth/base/config.php) + + Sikeres hitelesítés esetén + az egyéb account információkat (minimálisan a 'cn', azaz 'teljes név' + attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el. + + Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az + elutasítás okát. + +-------------------------------------------------------------- */ + +###################################################################### +# Az LDAP protocol version szerinti csatlakozás +###################################################################### + ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3); + + function ldapUserAuthentication($userAccount, $userPassword, &$accountInformation, $toPolicy) { + + global $AUTH; + + if ($toPolicy == '') { + if ($accountInformation['policy'] != '') $toPolicy = $accountInformation['policy']; +// elseif ($_REQUEST['toPolicy'] != '') $toPolicy = $_REQUEST['toPolicy']; + else $toPolicy = _POLICY; + } + + // Kapcsolódás a szerverhez + $ds = ldap_connect($AUTH[$toPolicy]['ldap hostname']); + if (!$ds) { + $_SESSION['alert'][] = 'alert:ldap_connect_failure'; + return _AUTH_FAILURE; + } + + // Csatlakozás a szerverhez + $r = ldap_bind($ds); + if (!$r) { + $_SESSION['alert'][] = 'message:ldap_bind_failure'; + return _AUTH_FAILURE; + } + + // Van-e adott azonosítójú felhasználó? + $filter="(&(uid=$userAccount)(objectClass=posixAccount))"; + $justthese = array("sn","cn","studyId","shadowexpire","shadowwarning","shadowinactive","shadowlastchange","shadowmax"); + $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); + if (!$sr) { + $_SESSION['alert'][] = "message:ldap_search_failure"; + ldap_close($ds); + return _AUTH_FAILURE; + } + $info=ldap_get_entries($ds,$sr); + + if ( $info['count'] === 0 ) { + // Nincs ilyen userAccount (uid) + $_SESSION['alert'][] = "message:no_account:$userAccount"; + ldap_close($ds); + return _AUTH_FAILURE_1; + } + + if ( $info['count'] > 1 ) { + // Több ilyen uid is van + $_SESSION['alert'][] = "message:multi_uid"; + ldap_close($ds); + return _AUTH_FAILURE_2; + } + + if ($info['count']==1) { // Van - egy - ilyen felhasználó + + $accountInformation['cn'] = $info[0]['cn'][0]; + $accountInformation['studyId'] = $info[0]['studyid'][0]; + $accountInformation['dn'] = $info[0]['dn']; + $accountInformation['account'] = $userAccount; + // Lejárt-e + // A lejárat ideje a shadowExpire és shadowLastChange+shadowMax kötül a kisebbik + if ($info[0]['shadowexpire'][0] != '') $expireTimestamp = $info[0]['shadowexpire'][0]; + if ( + $info[0]['shadowmax'][0] != '' && + ( + !isset($expireTimestamp) || + $expireTimestamp > $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0] + ) + ) $expireTimestamp = $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0]; + // lejárt, ha lejárat ideje már elmúlt + $accountExpired = (isset($expireTimestamp) && ($expireTimestamp <= floor(time()/(60*60*24)))); + + // Le van-e tiltva + // Ha több mint shadowInactive napja lejárt + if ( // onDisabled: none | refuse + $AUTH[$toPolicy]['onDisabled'] == 'refuse' && + isset($expireTimestamp) && + $expireTimestamp + $info[0]['shadowinactive'][0] <= floor(time()/(60*60*24)) + ) { + // Le van tiltva + $_SESSION['alert'][] = 'message:account_disabled'; + ldap_close($ds); + return _AUTH_FAILURE_4; + } // onDisabled + + // Jelszó ellenőrzés - lehet-e csatlakozni + if (!@ldap_bind($ds, $accountInformation['dn'], $userPassword)) { + $_SESSION['alert'][] = 'message:bad_pw'; + return _AUTH_FAILURE_3; + } + + ldap_close($ds); + // Lejárt-e az azonosító + if ($AUTH[$toPolicy]['onExpired'] != 'none' && isset($expireTimestamp)) { // onExpired: none | warning | force update + // Lejárt-e + $pwLejar = $expireTimestamp - floor(time()/(60*60*24)); + if (0 < $pwLejar && $pwLejar < $info[0]['shadowwarning'][0]) { + $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar; + return _AUTH_SUCCESS; + } elseif ($pwLejar <= 0) { + $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar); + if ($AUTH[$toPolicy]['onDisabled'] == 'refuse') + $_SESSION['alert'][] = 'info:warn_account_disable:'.($info[0]['shadowinactive'][0]+$pwLejar); + if ($AUTH[$toPolicy]['onExpired'] == 'warning') { + return _AUTH_SUCCESS; + } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') { + return _AUTH_EXPIRED; + } + } + } // onExpired + + // Ha idáig eljut, akkor minden rendben. + return _AUTH_SUCCESS; + + } // count == 1 + + } + +?> diff --git a/mayor-orig/www/include/backend/ldap/base/attrs.php b/mayor-orig/www/include/backend/ldap/base/attrs.php new file mode 100644 index 00000000..bf86d0d2 --- /dev/null +++ b/mayor-orig/www/include/backend/ldap/base/attrs.php @@ -0,0 +1,120 @@ +<?php +/* + Module: useradmin +*/ + + if (file_exists('lang/'._LANG.'/backend/ldap/attrs.php')) { + require('lang/'._LANG.'/backend/ldap/attrs.php'); + } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/ldap/attrs.php')) { + require('lang/'._DEFAULT_LANG.'/backend/ldap/attrs.php'); + } + +###################################################### +# Alapértelmezett jogosultságok +# +# w - Írható/olvasható +# r - olvasható +# - - egyik sem +# +# Három karakter: admin, self, other jogai +###################################################### + + define('_DEFAULT_LDAP_RIGHTS','wr-'); + +###################################################### +# Az LDAP account attribútumok +###################################################### + + global $ldapAccountAttrs; + $ldapAccountAttrs = array( + 'uid', + 'uidnumber', + 'gidnumber', + 'gecos', + 'cn', + 'studyid', + 'sn', + 'givenname', + 'mail', + 'telephonenumber', + 'mobile', + 'l', + 'street', + 'postaladdress', + 'postalcode', + 'homedirectory', + 'shadowlastchange', + 'shadowexpire', + 'shadowwarning', + 'shadowmin', + 'shadowmax', + 'shadowinactive', + ); + + global $ldapGroupAttrs; + $ldapGroupAttrs = array( + 'gidnumber', + 'cn', + 'description', + 'member', + 'memberuid' + ); + + global $accountAttrToLDAP; + $accountAttrToLDAP = array( + 'userAccount' => 'uid', + 'userCn' => 'cn', + 'mail' => 'mail', + 'studyId' => 'studyId', + 'shadowLastChange' => 'shadowLastChange', + 'shadowWarning' => 'shadowWarning', + 'shadowMin' => 'shadowMin', + 'shadowMax' => 'shadowMax', + 'shadowExpire' => 'shadowExpire', + 'shadowInactive' => 'shadowInactive', + ); + + global $groupAttrToLDAP; + $groupAttrToLDAP = array( + 'groupCn' => 'cn', + 'groupDesc' => 'description', + 'member' => 'member' + ); + + global $ldapAccountAttrDef; + $ldapAccountAttrDef = array( + 'dn' => array('desc' => _LDAPDN, 'type' => 'text', 'rights' => 'rrr'), + 'uid' => array('desc' => _LDAPUID, 'type' => 'text', 'rights' => 'rrr'), + 'uidnumber' => array('desc' => _LDAPUIDNUMBER, 'type' => 'int', 'rights' => 'w--'), + 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int', 'rights' => 'w--'), + 'gecos' => array('desc' => _LDAPGECOS, 'type' => 'text', 'rights' => 'w--'), + 'cn' => array('desc' => _LDAPCN, 'type' => 'text', 'rights' => 'wrr'), + 'studyid' => array('desc' => _LDAPSTUDYID, 'type' => 'int', 'rights' => 'wrr'), + 'sn' => array('desc' => _LDAPSN, 'type' => 'text'), + 'givenname' => array('desc' => _LDAPGIVENNAME, 'type' => 'text'), + 'mail' => array('desc' => _LDAPMAIL, 'type' => 'text', 'rights' => 'wwr'), + 'telephonenumber' => array('desc' => _LDAPTELEPHONENUMBER, 'type' => 'text', 'rights' => 'ww-'), + 'mobile' => array('desc' => _LDAPMOBILE, 'type' => 'text', 'rights' => 'ww-'), + 'l' => array('desc' => _LDAPL, 'type' => 'text'), + 'street' => array('desc' => _LDAPSTREET, 'type' => 'text'), + 'postaladdress' => array('desc' => _LDAPPOSTALADDRESS, 'type' => 'text'), + 'postalcode' => array('desc' => _LDAPPOSTALCODE, 'type' => 'text'), + 'homedirectory' => array('desc' => _LDAPHOMEDIRECTORY, 'type' => 'text'), + 'shadowlastchange' => array('desc' => _LDAPSHADOWLASTCHANGE, 'type' => 'text'), + 'shadowexpire' => array('desc' => _LDAPSHADOWEXPIRE, 'type' => 'text'), + 'shadowwarning' => array('desc' => _LDAPSHADOWWARNING, 'type' => 'text'), + 'shadowmin' => array('desc' => _LDAPSHADOWMIN, 'type' => 'text'), + 'shadowmax' => array('desc' => _LDAPSHADOWMAX, 'type' => 'text'), + 'shadowinactive' => array('desc' => _LDAPSHADOWINACTICE, 'type' => 'text'), + ); + + global $ldapGroupAttrDef; + $ldapGroupAttrDef = array( + 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'wrr'), + 'description' => array('desc' => _LDAPDESCRIPTION, 'type' => 'text'), + 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'), + 'memberuid' => array('desc' => _LDAPMEMBERUID, 'type' => 'select'), + 'member' => array('desc' => _LDAPMEMBER, 'type' => 'select'), + ); + +?> diff --git a/mayor-orig/www/include/backend/ldap/base/attrs.php.orig b/mayor-orig/www/include/backend/ldap/base/attrs.php.orig new file mode 100644 index 00000000..658dfa1c --- /dev/null +++ b/mayor-orig/www/include/backend/ldap/base/attrs.php.orig @@ -0,0 +1,175 @@ +<?php +/* + Module: useradmin +*/ + + if (file_exists('lang/'._LANG.'/backend/ldap/attrs.php')) { + require('lang/'._LANG.'/backend/ldap/attrs.php'); + } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/ldap/attrs.php')) { + require('lang/'._DEFAULT_LANG.'/backend/ldap/attrs.php'); + } + +###################################################### +# Alapértelmezett jogosultságok +# +# w - Írható/olvasható +# r - olvasható +# - - egyik sem +# +# Három karakter: admin, self, other jogai +###################################################### + + define('_DEFAULT_LDAP_RIGHTS','wr-'); + +###################################################### +# Az LDAP account attribútumok +###################################################### + + global $ldapAccountAttrs; + $ldapAccountAttrs = array( + 'uid', + 'uidnumber', + 'gidnumber', + 'gecos', + 'cn', + 'sn', + 'givenname', + 'mail', + 'homepage', + 'url', + 'telephonenumber', + 'mobile', + 'year', + 'class', + 'l', + 'street', + 'postaladdress', + 'postalcode', + 'homedirectory', + 'owner', + 'leader', + 'description', + 'roomnumber', + 'registertimestamp', + 'primaryschoolomcode', + 'classtimestamp', + 'studentcardnumber', + 'studentcardtimestamp', + 'taxid', + 'birthtimestamp', + 'birthlocality', + 'registernumber', + 'diarynumber', + 'sex', + 'guardiancn', + 'mothercn', + 'localitytimestamp', + 'tajnumber', + 'member', + 'studentmember', + 'exemptmember', + 'examermember', + 'memberuid', + 'shadowlastchange', + 'shadowexpire', + 'shadowwarning', + 'shadowmin', + 'shadowmax', + 'shadowinactive', + 'parentpassword' + ); + + global $ldapGroupAttrs; + $ldapGroupAttrs = array( + 'gidnumber', + 'cn', + 'description', + 'owner', + 'member', + 'memberuid' + ); + + global $accountAttrToLDAP; + $accountAttrToLDAP = array( + 'userAccount' => 'uid', + 'userCn' => 'cn', + 'mail' => 'mail', + 'studyId' => 'studyId', + 'shadowLastChange' => 'shadowLastChange', + 'shadowWarning' => 'shadowWarning', + 'shadowMin' => 'shadowMin', + 'shadowMax' => 'shadowMax', + 'shadowExpire' => 'shadowExpire', + 'shadowInactive' => 'shadowInactive', + ); + + global $groupAttrToLDAP; + $groupAttrToLDAP = array( + 'groupId' => 'cn', + 'groupName' => 'description', +// 'leader' => 'leader', + 'owner' => 'owner', + 'member' => 'member' + ); + + global $ldapAccountAttrDef; + $ldapAccountAttrDef = array( + 'dn' => array('desc' => _LDAPDN, 'type' => 'text','rights' => 'rrr'), + 'uid' => array('desc' => _LDAPUID, 'type' => 'text','rights' => 'rrr'), + 'uidnumber' => array('desc' => _LDAPUIDNUMBER, 'type' => 'int','rights' => 'w--'), + 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'), + 'gecos' => array('desc' => _LDAPGECOS, 'type' => 'text','rights' => 'w--'), + 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'wrr'), + 'sn' => array('desc' => _LDAPSN, 'type' => 'text'), + 'givenname' => array('desc' => _LDAPGIVENNAME, 'type' => 'text'), + 'mail' => array('desc' => _LDAPMAIL, 'type' => 'text','rights' => 'wwr'), + 'homepage' => array('desc' => _LDAPHOMEPAGE, 'type' => 'text','rights' => 'wwr'), + 'url' => array('desc' => _LDAPURL, 'type' => 'text'), + 'telephonenumber' => array('desc' => _LDAPTELEPHONENUMBER, 'type' => 'text','rights' => 'ww-'), + 'mobile' => array('desc' => _LDAPMOBILE, 'type' => 'text','rights' => 'ww-'), + 'year' => array('desc' => _LDAPYEAR, 'type' => 'int'), + 'class' => array('desc' => _LDAPCLASS, 'type' => 'text'), + 'l' => array('desc' => _LDAPL, 'type' => 'text'), + 'street' => array('desc' => _LDAPSTREET, 'type' => 'text'), + 'postaladdress' => array('desc' => _LDAPPOSTALADDRESS, 'type' => 'text'), + 'postalcode' => array('desc' => _LDAPPOSTALCODE, 'type' => 'text'), + 'homedirectory' => array('desc' => _LDAPHOMEDIRECTORY, 'type' => 'text'), + 'roomnumber' => array('desc' => _LDAPROOMNUMBER, 'type' => 'int'), + 'registertimestamp' => array('desc' => _LDAPREGISTERTIMESTAMP, 'type' => 'timestamp'), + 'primaryschoolomcode' => array('desc' => _LDAPPRIMARYSCHOOLOMCODE, 'type' => 'text'), + 'classtimestamp' => array('desc' => _LDAPCLASSTIMESTAMP, 'type' => 'timestamp'), + 'studentcardnumber' => array('desc' => _LDAPSTUDENTCARDNUMBER, 'type' => 'text'), + 'studentcardtimestamp' => array('desc' => _LDAPSTUDENTCARDTIMESTAMP, 'type' => 'timestamp'), + 'taxid' => array('desc' => _LDAPTAXID, 'type' => 'text'), + 'birthtimestamp' => array('desc' => _LDAPBIRTHTIMESTAMP, 'type' => 'timestamp'), + 'birthlocality' => array('desc' => _LDAPBIRTHLOCALITY, 'type' => 'text'), + 'registernumber' => array('desc' => _LDAPREGISTERNUMBER, 'type' => 'text'), + 'diarynumber' => array('desc' => _LDAPDIARYNUMBER, 'type' => 'text'), + 'sex' => array('desc' => _LDAPSEX, 'type' => 'radio', 'options' => array(_FIU, _LANY)), + 'guardiancn' => array('desc' => _LDAPGUARDIANCN, 'type' => 'text'), + 'mothercn' => array('desc' => _LDAPMOTHERCN, 'type' => 'text'), + 'localitytimestamp' => array('desc' => _LDAPLOCALITYTIMESTAMP, 'type' => 'timestamp'), + 'tajnumber' => array('desc' => _LDAPTAJNUMBER, 'type' => 'text'), + 'shadowlastchange' => array('desc' => _LDAPSHADOWLASTCHANGE, 'type' => 'text'), + 'shadowexpire' => array('desc' => _LDAPSHADOWEXPIRE, 'type' => 'text'), + 'shadowwarning' => array('desc' => _LDAPSHADOWWARNING, 'type' => 'text'), + 'shadowmin' => array('desc' => _LDAPSHADOWMIN, 'type' => 'text'), + 'shadowmax' => array('desc' => _LDAPSHADOWMAX, 'type' => 'text'), + 'shadowinactive' => array('desc' => _LDAPSHADOWINACTICE, 'type' => 'text'), + ); + + global $ldapGroupAttrDef; + $ldapGroupAttrDef = array( + 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'wrr'), + 'description' => array('desc' => _LDAPDESCRIPTION, 'type' => 'text'), + 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'), + 'memberuid' => array('desc' => _LDAPMEMBERUID, 'type' => 'select'), + 'member' => array('desc' => _LDAPMEMBER, 'type' => 'select'), + 'owner' => array('desc' => _LDAPOWNER, 'type' => 'select'), +// 'studentmember' => array('desc' => _LDAPSTUDENTMEMBER, 'type' => 'text'), +// 'exemptmember' => array('desc' => _LDAPEXEMPTMEMBER, 'type' => 'text'), +// 'examermember' => array('desc' => _LDAPEXAMERMEMBER, 'type' => 'text'), +// 'leader' => array('desc' => _LDAPLEADER, 'type' => 'text'), + ); + +?>
\ No newline at end of file diff --git a/mayor-orig/www/include/backend/ldap/base/str.php b/mayor-orig/www/include/backend/ldap/base/str.php new file mode 100644 index 00000000..2ef3ad1c --- /dev/null +++ b/mayor-orig/www/include/backend/ldap/base/str.php @@ -0,0 +1,53 @@ +<?php +/* + Module: useradmin + + function date2timestamp($date) + function timestamp2date($stamp) + !! -- function ldap_cn_cmp($a,$b) -- !! Kell ez? + !! -- function tanar_cn_cmp($a,$b) -- !! Használjuk ezt? + + // - fuggoseg - // require_once('include/share/ldap/attrs.php'); + +*/ + +// ------------------------------------- +// Date2Timestamp +// ------------------------------------- + + function date2timestamp($date) { + $date = str_replace('-','',$date); + $date = str_replace('.','',$date).'010101Z'; + if (strlen($date) == 15) return $date; + else return ''; + } + +// ------------------------------------- +// Timestamp2Date +// ------------------------------------- + + function timestamp2date($stamp) { + $date = substr($stamp,0,4).'-'.substr($stamp,4,2).'-'.substr($stamp,6,2); + if (strlen($date) == 10) return $date; + else return ''; + } + +/* +// --------------------------------------------------------------------------- +// LDAP eredmény elemeinek összehasonlítása cn-alapján (Már latin2-es kódolású!!!) +// --------------------------------------------------------------------------- + + function ldap_cn_cmp($a,$b) { + return str_cmp($a['cn'][0],$b['cn'][0]); + } + +// --------------------------------------------------------------------------- +// $TANAROK tömb rendezéséhez (include/naplo/helyettesít.php) (Már latin2-es kódolású!!!) +// --------------------------------------------------------------------------- + + function tanar_cn_cmp($a,$b) { + return str_cmp($a['cn'],$b['cn']); + } +*/ + +?> diff --git a/mayor-orig/www/include/backend/ldap/password/changePassword.php b/mayor-orig/www/include/backend/ldap/password/changePassword.php new file mode 100644 index 00000000..22ace5ca --- /dev/null +++ b/mayor-orig/www/include/backend/ldap/password/changePassword.php @@ -0,0 +1,102 @@ +<?php +/* + Module: base/password + + function changeMyPassword($userAccount, $userPassword, $newPassword, $verification) + A függvény nem vizsgálja, hogy jogosultak vagyunk-e a jelszó megváltoztatására. + Ennek eldöntése a függvényt hívó program feladata + */ + +############################################################################ +# Saját jelszó megváltoztatása +############################################################################ + +function changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy = '') { + + global $AUTH; + + if ($toPolicy == '') $toPolicy = $_REQUEST['toPolicy']; + $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); + $shadowLastChange = floor(time()/(60*60*24)); + + $ds = ldap_connect($AUTH[$toPolicy]['ldap hostname']); + if ($ds) { + $b_ok = ldap_bind($ds,$userDn,$userPassword); + if ($b_ok) { + $info['userPassword'][0] = '{crypt}' . crypt($newPassword); + // Ezekre nincs jogosultsága a felhasználónak, nem változnak: + // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE + $info['shadowlastchange'][0] = $shadowLastChange; + if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') { + $info['shadowexpire'][0] = $AUTH[$toPolicy]['shadowExpire']; + } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') { + $info['shadowexpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']); + } + $r = ldap_mod_replace($ds,$userDn,$info); + ldap_close($ds); + if ($r) { + $_SESSION['alert'][] = 'info:pw_change_success'; + return true; + } else { + $_SESSION['alert'][] = 'message:ldap_modify_failure'; + return false; + } + } else { + $_SESSION['alert'][] = 'message:ldap_bind_failure:'.$userDn; + ldap_close($ds); + return false; + } + } else { + $_SESSION['alert'][] = 'message:ldap_failure'; + return false; + } + +} + +############################################################################ +# Adminisztrátori jelszó változtatás +############################################################################ + +function changePassword($userAccount, $newPassword, $toPolicy = '') { + + global $AUTH; + + if ($toPolicy == '') $toPolicy = _POLICY; + $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); + $shadowLastChange = floor(time()/(60*60*24)); + + $ds = ldap_connect($AUTH[$toPolicy]['ldap hostname']); + if ($ds) { + $b_ok = ldap_bind($ds,_USERDN,_USERPASSWORD); + if ($b_ok) { + $info['userPassword'][0] = '{crypt}' . crypt($newPassword); + // Ezekre nincs jogosultsága a felhasználónak, nem változnak: + // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE + $info['shadowlastchange'][0] = $shadowLastChange; + if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') { + $info['shadowexpire'][0] = $AUTH[$toPolicy]['shadowExpire']; + } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') { + $info['shadowexpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']); + } + $r = @ldap_mod_replace($ds,$userDn,$info); + ldap_close($ds); + if ($r) { + $_SESSION['alert'][] = 'info:pw_change_success'; + return true; + } else { + $_SESSION['alert'][] = 'message:ldap_modify_failure'; + return false; + } + } else { + $_SESSION['alert'][] = 'message:ldap_bind_failure:'._USERDN; + ldap_close($ds); + return false; + } + } else { + $_SESSION['alert'][] = 'message:ldap_failure'; + return false; + } + +} + +?> diff --git a/mayor-orig/www/include/backend/ldap/session/accountInfo.php b/mayor-orig/www/include/backend/ldap/session/accountInfo.php new file mode 100644 index 00000000..24f5234b --- /dev/null +++ b/mayor-orig/www/include/backend/ldap/session/accountInfo.php @@ -0,0 +1,401 @@ +<?php +/* + Module: base/auth-ldap + Backend: ldap + + function getLDAPInfo($userDn, $attrList=array('cn'), $toPolicy = '') + function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY) + function ldapGetUserInfo($userAccount, $toPolicy = _POLICY) + function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY) + function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY) + +*/ + +###################################################### +# getLDAPInfo - általános LDAP lekérdezés +###################################################### + + function getLDAPInfo($userDn, $attrList=array('cn'), $toPolicy = _POLICY) { + + global $AUTH; + + // Kapcsolódás az LDAP szerverhez + $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); + if (!$ds) { + $_SESSION['alert'][] = 'alert:ldap_connect_failure'; + return false; + } + + // Csatlakozás a szerverhez + $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); + if (!$r) { + $_SESSION['alert'][] = 'message:ldap_bind_failure'; + ldap_close($ds); + return false; + } + + // Keresés + $filter = '(objectclass=*)'; + $sr = @ldap_search($ds, $userDn, $filter, $attrList); + if (!$sr) { + $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn; + ldap_close($ds); + return false; + } + + $info = @ldap_get_entries($ds,$sr); + ldap_close($ds); + + return $info; + + } + +########################################################### +# ldapGetAccountInfo - felhasználói információk (backend) +########################################################### + + function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY) { + + global $AUTH, $backendAttrs, $backendAttrDef; + + if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Account', $toPolicy); + + $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); + + $result = getLDAPInfo($userDn, $backendAttrs, $toPolicy); + if ($result === false) { + return false; + } else { + + // LDAP schema --> mayor schema konverzió + for ($i = 0; $i < $result['count']; $i++) { + // Egységes szerkezetre alakítjuk, azaz a dn is indexelt + foreach ($backendAttrDef as $attr => $def) { + // Egységes szerkezetre alakítjuk, azaz a dn is indexelt + if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']); + elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr]; + else $return[$i][$attr] = array('count' => 0); + } + } + + return $return[0]; + + } + + } + +############################################################# +# ldapGetUserInfo - felhasználói információk (keretrendszer) +############################################################# + + function ldapGetUserInfo($userAccount, $toPolicy = _POLICY) { + + global $AUTH, $accountAttrToLDAP, $ldapAttrDef; + $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); + + $result = getLDAPInfo($userDn, array_values($accountAttrToLDAP), $toPolicy); + if ($result === false) { + return false; + } else { + + $result[0]['dn'] = array('count' => 1, 0 => $result[0]['dn']); + // Egységes szerkezetre alakítjuk, azaz a dn is indexelt + foreach ($accountAttrToLDAP as $attr => $ldapAttr) { + if (isset($result[0][$ldapAttr])) $return[$attr] = $result[0][$ldapAttr]; + else $return[$attr] = array('count' => 0); + } + + return $return; + + } + + } + +############################################################### +# ldapChangeAccountInfo - felhasználói információk módosítása +############################################################### + + function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY) { + + global $AUTH, $backendAttrs, $backendAttrDef; + + $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); + + // Kapcsolódás az LDAP szerverhez + $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); + if (!$ds) { + $_SESSION['alert'][] = 'alert:ldap_connect_failure'; + return false; + } + + // Csatlakozás a szerverhez + $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); + if (!$r) { + $_SESSION['alert'][] = 'message:ldap_bind_failure'; + ldap_close($ds); + return false; + } + + $emptyAttrs = explode(':',$_POST['emptyAttrs']); + + // Attribútumonként módosítunk + foreach ($backendAttrs as $attr) { + + if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS; + else $rights = $backendAttrDef[$attr]['rights']; + + if ($rights[_ACCESS_AS] == 'w') { + + $mod_info = $add_info = $del_info = Array(); + $values = array(); + + if ($backendAttrDef[$attr]['type'] == 'image') { + $file = $_FILES[$attr]['tmp_name']; + if (file_exists($file)) { + $fd = fopen($file,'r'); + $values[0]=fread($fd,filesize($file)); + fclose($fd); + } else { + // Sose töröljük! + $emptyAttrs[] = $attr; + } + } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') { + if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') { + $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z'; + } + } else { + if ($backendAttrDef[$attr]['type'] != '' ) $values[0] = $_POST[$attr]; + } + + if ($backendAttrDef[$attr]['type'] == 'select') { + if ($_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr]; + if ($_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr]; + } elseif (in_array($attr,$emptyAttrs)) { + if ($values[0] != '') $add_info[$attr] = $values; + } else { + if ($values[0] != '') { + $mod_info[$attr] = $values; + } else { + $del_info[$attr] = Array(); + } + } + + $_alert = array(); + if (count($add_info)!=0) { + if (!@ldap_mod_add($ds,$userDn,$add_info)) { + $_alert[] = 'message:insufficient_access:add:'.$attr; + } + } + if (count($mod_info)!=0) { + if (!@ldap_mod_replace($ds,$userDn,$mod_info)) { + $_alert[] = 'message:insufficient_access:mod:'.$attr; + } + } + if (count($del_info)!=0) { + if (!@ldap_mod_del($ds,$userDn,$del_info)) { + $_alert[] = 'message:insufficient_access:del:'.$attr; + } + } + + } else { +// $_alert[] = 'message:insufficient_access:'.$attr; + } + } // foreach + + ldap_close($ds); + if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success'; + else for ($i = 0;$i < count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i]; + + } + +########################################################### +# ldapGetGroupInfo - csoport információk (backend) +########################################################### + + function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY) { + + global $AUTH, $backendAttrs, $backendAttrDef; + + + if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy); + + $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy); + + $result = getLDAPInfo($groupDn, $backendAttrs, $toPolicy); + if ($result === false) { + return false; + } else { + + // Accountok lekérdezése + $info = getLDAPaccounts($toPolicy); + for ($i = 0; $i < $info['count']; $i++) { + $accountUid[] = array( + 'value' => $info[$i]['uid'][0], + 'txt' => $info[$i]['cn'][0] + ); + $accountDn[] = array( + 'value' => $info[$i]['dn'], + 'txt' => $info[$i]['cn'][0] + ); + } + + // LDAP schema --> mayor schema konverzió + for ($i = 0; $i < $result['count']; $i++) { + // Egységes szerkezetre alakítjuk, azaz a dn is indexelt + foreach ($backendAttrDef as $attr => $def) { + // Egységes szerkezetre alakítjuk, azaz a dn is indexelt + if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']); + elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr]; + else $return[$i][$attr] = array('count' => 0); + } + $return[$i]['member']['new'] = $accountDn; + $return[$i]['memberuid']['new'] = $accountUid; + } + + return $return[0]; + + } + + } + +############################################################### +# ldapChangeGroupInfo - csoport információk módosítása +############################################################### + + function ldapChangeGroupInfo($groupCn, $toPolicy = _POLICY) { + +// !!!! A memberuid / member szinkronjára nem figyel!! + + global $AUTH, $backendAttrs, $backendAttrDef; + + $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy); + + // Kapcsolódás az LDAP szerverhez + $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); + if (!$ds) { + $_SESSION['alert'][] = 'alert:ldap_connect_failure'; + return false; + } + + // Csatlakozás a szerverhez + $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); + if (!$r) { + $_SESSION['alert'][] = 'message:ldap_bind_failure'; + ldap_close($ds); + return false; + } + + $emptyAttrs = explode(':',$_POST['emptyAttrs']); + + // Attribútumonként módosítunk + foreach ($backendAttrs as $attr) { + + if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS; + else $rights = $backendAttrDef[$attr]['rights']; + + if ($rights[_ACCESS_AS] == 'w') { + + $mod_info = $add_info = $del_info = Array(); + $values = array(); + + if ($backendAttrDef[$attr]['type'] == 'image') { + $file = $_FILES[$attr]['tmp_name']; + if (file_exists($file)) { + $fd = fopen($file,'r'); + $values[0]=fread($fd,filesize($file)); + fclose($fd); + } else { + // Sose töröljük! + $emptyAttrs[] = $attr; + } + } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') { + if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') { + $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z'; + } + } else { + if ($backendAttrDef[$attr]['type'] != '') + if (isset($_POST[$attr])) $values[0] = $_POST[$attr]; + else $values[0] = ''; + } + + if ($backendAttrDef[$attr]['type'] == 'select') { + if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr]; + if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr]; + } elseif (in_array($attr,$emptyAttrs)) { + if ($values[0] != '') $add_info[$attr] = $values; + } else { + if ($values[0] != '') { + $mod_info[$attr] = $values; + } else { + $del_info[$attr] = Array(); + } + } + + $_alert = array(); + if (count($add_info)!=0) { + if (!@ldap_mod_add($ds,$groupDn,$add_info)) { + $_alert[] = 'message:insufficient_access:add:'.$attr; + } + } + if (count($mod_info)!=0) { + if (!@ldap_mod_replace($ds,$groupDn,$mod_info)) { + $_alert[] = 'message:insufficient_access:mod:'.$attr; + } + } + if (count($del_info)!=0) { + if (!@ldap_mod_del($ds,$groupDn,$del_info)) { + $_alert[] = 'message:insufficient_access:del:'.$attr; + } + } + + } else { +// $_alert[] = 'message:insufficient_access:'.$attr; + } + } // foreach + + ldap_close($ds); + if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success'; + else for ($i=0;$i<count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i]; + + } + + function getLDAPaccounts($toPolicy = _POLICY) { + + global $AUTH; + + // Kapcsolódás az LDAP szerverhez + $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); + if (!$ds) { + $_SESSION['alert'][] = 'alert:ldap_connect_failure'; + return false; + } + + // Csatlakozás a szerverhez + $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); + if (!$r) { + $_SESSION['alert'][] = 'message:ldap_bind_failure'; + ldap_close($ds); + return false; + } + + // Keresés + $attrList = array('cn','uid'); +// $filter = '(objectclass=mayorPerson)'; + $filter = '(objectclass=posixAccount)'; + $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $attrList); + if (!$sr) { + $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn; + ldap_close($ds); + return false; + } + + ldap_sort($ds, $sr, 'cn'); + $info = @ldap_get_entries($ds,$sr); + ldap_close($ds); + + return $info; + + } + + +?> diff --git a/mayor-orig/www/include/backend/ldap/session/base.php b/mayor-orig/www/include/backend/ldap/session/base.php new file mode 100644 index 00000000..b8529cc2 --- /dev/null +++ b/mayor-orig/www/include/backend/ldap/session/base.php @@ -0,0 +1,255 @@ +<?php +/* + Module: base/session + Backend: ldap + + function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) + function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY) + +*/ + + require('include/backend/ldap/base/attrs.php'); + require('include/backend/ldap/base/str.php'); + + ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3); + + if ($AUTH[_POLICY]['backend'] == 'ldap') { + /* why not put into session cache */ + if ($AUTH[_POLICY]['cacheable']=='yes') { + $userDn = _queryCache('RDN',_POLICY,'value'); + } + if (!isset($userDn)) $userDn = LDAPuserAccountToDn(); + define('_USERDN', $userDn); + if ($AUTH[_POLICY]['cacheable']=='yes') _registerToCache('RDN',$userDn,_POLICY); + unset($userDn); + } + +###################################################### +# A _USERACCOUNT(uid)-hoz tartozó dn lekérdezése +###################################################### + + function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) { + + global $AUTH; + + // Kapcsolódás a szerverhez + $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); + if (!$ds) { + $_SESSION['alert'][] = 'alert:ldap_connect_failure'; + return false; + } + + // Csatlakozás a szerverhez + $r = @ldap_bind($ds); + if (!$r) { + $_SESSION['alert'][] = 'message:ldap_bind_failure'; + return false; + } + + // Van-e adott azonosítójú felhasználó? + $filter="(&(uid=$userAccount)(objectClass=posixAccount))"; + $justthese=array('cn'); + $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); + if (!$sr) { + $_SESSION['alert'][] = "message:ldap_search_failure"; + ldap_close($ds); + return false; + } + $info=ldap_get_entries($ds,$sr); + ldap_close($ds); + + if ( $info['count'] === 0 ) { + // Nincs ilyen userAccount (uid) + $_SESSION['alert'][] = "message:no_account:$userAccount"; + return false; + } elseif ( $info['count'] > 1 ) { + // Több ilyen uid is van + $_SESSION['alert'][] = "message:multi_uid:$userAccount"; + return false; + } + + if ($info['count']==1) { // Van - egy - ilyen felhasználó + return $info[0]['dn']; + } + + } + + +###################################################### +# A groupCn(cn)-hez tartozó dn lekérdezése +###################################################### + + function LDAPgroupCnToDn($groupCn, $toPolicy = _POLICY) { + + global $AUTH; + + // Kapcsolódás a szerverhez + $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); + if (!$ds) { + $_SESSION['alert'][] = 'alert:ldap_connect_failure'; + return false; + } + + // Csatlakozás a szerverhez + $r = @ldap_bind($ds); + if (!$r) { + $_SESSION['alert'][] = 'message:ldap_bind_failure'; + return false; + } + + // Van-e adott azonosítójú felhasználó? + $filter="(&(cn=$groupCn)(objectClass=posixGroup))"; + $justthese=array('cn'); + $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); + if (!$sr) { + $_SESSION['alert'][] = "message:ldap_search_failure"; + ldap_close($ds); + return false; + } + $info=ldap_get_entries($ds,$sr); + ldap_close($ds); + + if ( $info['count'] === 0 ) { + // Nincs ilyen groupCn (cn) - hibaüzenet csak akkor, ha nem kategóriáról van szó... + if (!in_array($groupCn, array_map('ekezettelen', $AUTH[$toPolicy]['categories']))) $_SESSION['alert'][] = "message:no_group:$groupCn"; + return false; + } elseif ( $info['count'] > 1 ) { + // Több ilyen cn is van + $_SESSION['alert'][] = "message:multi_gid:$groupCn"; + return false; + } + + if ($info['count']==1) { // Van - egy - ilyen csoport + return $info[0]['dn']; + } + + } + + + +###################################################### +# memberOf - csoport tag-e +###################################################### + + function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY) { + + global $AUTH, $LDAP2Mayor; + + $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); + if (in_array($group, $AUTH[$toPolicy]['categories'])) { + if (strpos($userDn, ',ou='.ekezettelen($group).',') !== false) return true; +# Ha nincs megfelelő ou-ban, akkor nézzük a csoport tagságot - így berakható időszakosan akárki pl a titkárság kategóriába... +# else return false; + } + + if (substr($group,0,3) != 'cn=') { + $groupDn = LDAPgroupCnToDn(ekezettelen($group)); + if (!$groupDn) return false; // Ha nincs ilyen csoport az LDAP fában + } else { + $groupDn = $group; + } + + // Kapcsolódás az LDAP szerverhez + $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); + if (!$ds) { + $_SESSION['alert'][] = 'alert:ldap_connect_failure'; + return false; + } + + // Csatlakozás a szerverhez + $r = @ldap_bind($ds); + if (!$r) { + $_SESSION['alert'][] = 'message:ldap_bind_failure'; + ldap_close($ds); + return false; + } + + $justthese = array('cn'); // valamit le kell kérdezni... +/* $filter = "(& (objectClass=mayorGroup) + (member=$userDn) + )"; +*/ + $filter = "(& (objectClass=posixGroup) + (memberUid=$userAccount) + )"; + $sr = @ldap_search($ds, $groupDn, $filter, $justthese); + if (!$sr) { + $_SESSION['alert'][] = "message:ldap_search_failure:".$filter; + ldap_close($ds); + return false; + } + + $info = ldap_get_entries($ds, $sr); + ldap_close($ds); + + if ($info['count'] > 0) { + return true; + } else { + return false; + } + + } + +###################################################### +# LDAPcreateContainer - tároló létrehozása +###################################################### + + function LDAPcreateContainer($containerDn, $toPolicy) { + + global $AUTH; + + $pos = strpos($containerDn, ',ou='); + $container = substr($containerDn, 3, $pos-3); + $rdn = substr($containerDn, $pos+1); + $cat = substr($containerDn, 3, strlen($containerDn)-4-strlen($AUTH[$toPolicy]['ldap base dn'])); + + error_reporting(1); + + // Kapcsolódás a szerverhez + $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); + if (!$ds) { + $_SESSION['alert'][] = 'alert:ldap_connect_failure'; + return false; + } + + // Csatlakozás a szerverhez + $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); + if (!$r) { + $_SESSION['alert'][] = 'message:ldap_bind_failure'; + return false; + } + + // OU létrehozása + $info['ou'][0] = $container; + $info['objectclass'][0] = 'organizationalUnit'; + $info['description'][0] = $container; + + $_r1 = ldap_add($ds, $containerDn, $info); + if (!$_r1) { +// $_SESSION['alert'][] = 'message:ldap_add_failure:'.$containerDn; + return false; +// printf("LDAP-Error: %s<br>\n", ldap_error($ds)); +// echo '<pre>'; var_dump($info); echo '</pre>'; + } + + // az OU-hoz tartozó csoportok OU-ja + $info['ou'][0] = 'Groups'; + $info['objectclass'][0] = 'organizationalUnit'; + $info['description'][0] = "$container csoportjai"; + + $containerDn = "ou=Groups,$containerDn"; + $_r1 = ldap_add($ds, $containerDn, $info); + if (!$_r1) { + printf("LDAP-Error: %s<br>\n", ldap_error($ds)); + echo '<pre>'; var_dump($info); echo '</pre>'; + } + + // Az osztály csoport létrehozása + require_once('include/modules/session/createGroup.php'); + createGroup($container, "$container csoport", "$cat", $toPolicy); + + ldap_close($ds); + + } + +?> diff --git a/mayor-orig/www/include/backend/ldap/session/createAccount.php b/mayor-orig/www/include/backend/ldap/session/createAccount.php new file mode 100644 index 00000000..79f40530 --- /dev/null +++ b/mayor-orig/www/include/backend/ldap/session/createAccount.php @@ -0,0 +1,204 @@ +<?php +/* + Modules: base/session + + UNTESTED!!!! +*/ + + function ldapCreateAccount( + $userCn, $userAccount, $userPassword, $toPolicy, $SET + ) { + + global $AUTH; + + $category = ekezettelen($SET['category']); + $shadowLastChange = floor(time() / (60*60*24)); + + // $toPolicy --> ldap backend - ellenőrzés! + if ($AUTH[$toPolicy]['backend'] != 'ldap') { + $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend']; + return false; + } + + // Kapcsolódás az LDAP szerverhez + $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); + if (!$ds) { + $_SESSION['alert'][] = 'alert:ldap_connect_failure'; + return false; + } + + // Csatlakozás a szerverhez + $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); + if (!$r) { + $_SESSION['alert'][] = 'message:ldap_bind_failure'; + ldap_close($ds); + return false; + } + + $info = $groupinfo = $oinfo = Array(); + + // uid ütközés ellenőrzése + $filter = "(uid=$userAccount)"; + $justthese = array('uid'); + $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); + $uinfo = ldap_get_entries($ds, $sr); + $uidCount = $uinfo['count']; + ldap_free_result($sr); + if ($uidCount > 0) { + $_SESSION['alert'][] = 'message:multi_uid:'.$userAccount; + return false; + } + + // Az következő uidNumber megállapítása + $filter = '(objectClass=mayorOrganization)'; + $justthese = array('nextuid', 'freeuid'); + $sr = ldap_search($ds,$AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); + $uidinfo = ldap_get_entries($ds,$sr); + ldap_free_result($sr); + if (isset($uidinfo[0]['freeuid']['count'])) $freeUidCount = $uidinfo[0]['freeuid']['count']; + else $freeUidCount = 0; + if ($freeUidCount == 0) { + $info['uidnumber'] = array($uidinfo[0]['nextuid'][0]); + $info['gidnumber'] = $info['uidnumber']; + $oinfo['nextuid'] = $info['uidnumber'][0]+1; + } else { + $info['uidnumber'] = array($uidinfo[0]['freeuid'][$freeUidCount-1]); + $info['gidnumber'] = $info['uidnumber']; + $oinfo['freeuid'] = $uidinfo[0]['freeuid'][$freeUidCount-1]; + } + + // shadow attributumok... + // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '') + $info['shadowlastchange'] = $shadowLastChange; + if (isset($AUTH[$toPolicy]['shadowmin']) && $AUTH[$toPolicy]['shadowmin'] != '') $info['shadowmin'] = $AUTH[$toPolicy]['shadowmin']; + if (isset($AUTH[$toPolicy]['shadowmax']) && $AUTH[$toPolicy]['shadowmax'] != '') $info['shadowmax'] = $AUTH[$toPolicy]['shadowmax']; + if (isset($AUTH[$toPolicy]['shadowwarning']) && $AUTH[$toPolicy]['shadowwarning'] != '') $info['shadowwarning'] = $AUTH[$toPolicy]['shadowwarning']; + if (isset($AUTH[$toPolicy]['shadowinactive']) && $AUTH[$toPolicy]['shadowinactive'] != '') $info['shadowinactive'] = $AUTH[$toPolicy]['shadowinactive']; + if (isset($AUTH[$toPolicy]['shadowexpire']) && $AUTH[$toPolicy]['shadowexpire'] != '') $info['shadowexpire'] = $AUTH[$toPolicy]['shadowexpire']; + + // A szokásos attribútumok + $info['uid'] = array($userAccount); + $info['cn'] = array($userCn); + $info['sn'] = array('-'); + $info['userpassword'] = array('{crypt}' . crypt($userPassword)); + if (is_array($SET['policyAttrs'])) foreach ($SET['policyAttrs'] as $attr => $value) $info[kisbetus($attr)] = $value; + if (($pos = strpos($category,',')) !== false) + $info['homedirectory'] = "/home/diak/".substr($category,0,$pos)."/$userAccount"; + else + $info['homedirectory'] = "/home/$category/$userAccount"; + + // A kategória függő attribútumok + if (isset($SET['container']) && $SET['container'] != '') { + $dn = "uid=$userAccount,".$SET['container']; + $group = "cn=$userAccount,ou=Groups,".$SET['container']; + $ouDn = $SET['container']; + } else { + $dn = "uid=$userAccount,ou=".$category.','.$AUTH[$toPolicy]['ldap base dn']; + $group = "cn=$userAccount,ou=Groups,ou=".$category.','.$AUTH[$toPolicy]['ldap base dn']; + $ouDn = "ou=".$category.",".$AUTH[$toPolicy]['ldap base dn']; + } + + if ($SET['createContainer']) { // Létrehozza a tároló elemet, benne az OU=Groups tárolót, benne a megfelelő csoportot + LDAPcreateContainer($ouDn, $toPolicy); + } + // objectum osztályok + // a mayorPerson a posixAccount és shadowAccount leszármazottja, + // de kell egy structural object is - ez a person - aminek kötelező paramétere az sn! + $info['objectclass'] = array('person', 'mayorPerson'); + + // user felvétel + $info['homedirectory'] = ekezettelen($info['homedirectory']); // Nem lehet ékezetes :o( + + $_r1 = ldap_add($ds,$dn,$info); + if (!$_r1) { + printf("LDAP-Error: %s<br>\n", ldap_error($ds)); + echo $dn.'<pre>'; var_dump($info); echo '</pre>'; + return false; + } + + // user csoportja + $groupinfo['cn'] = $userAccount; + $groupinfo['gidnumber'] = $info['uidnumber']; + $groupinfo['memberuid'] = ekezettelen($userAccount); // Nem lehet ékezetes :o( + $groupinfo['description'] = 'A felhasználó saját csoportja'; + $groupinfo['objectclass'] = 'posixGroup'; + $_r2 = ldap_add($ds, $group, $groupinfo); + if (!$_r2) { + printf("LDAP-Error (userGroup): %s<br>\n", ldap_error($ds)); + echo $group.'<pre>'; var_dump($groupinfo); echo '</pre>'; + return false; + } + + // Kategória csoportba rakás vagy tanár csoportba rakás ugye... + // És nincs diák csoport! + $ginfo['memberuid'] = ekezettelen($userAccount); // Nem lehet ékezetes :o( + $ginfo['member'] = $dn; + + // Kategória csoportba és egyéb csoportokba rakás + if (isset($SET['category'])) { + if (is_array($SET['groups'])) array_unshift($SET['groups'], $category); + else $SET['groups'] = array($category); + + for ($i = 0; $i < count($SET['groups']); $i++) { + + $filter = "(&(objectClass=mayorGroup)(cn=".$SET['groups'][$i]."))"; + $justthese = array('cn'); + $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); + if (ldap_count_entries($ds, $sr)) { + $grpInfo = ldap_get_entries($ds, $sr); + $groupDn = $grpInfo[0]['dn']; + $_r3 = ldap_mod_add($ds, $groupDn, $ginfo); + if (!$_r3) { + printf("LDAP-Error (category): %s<br>\n", ldap_error($ds)); + echo $groupDn.'<pre>'; var_dump($ginfo); echo '</pre>'; + } + } + + } + + } + + + // nextuid növelés + if ($freeUidCount == 0) { + $_r4 = ldap_mod_replace($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo); + } else { + $_r4 = ldap_mod_del($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo); + } + if (!$_r4) { + printf("LDAP-Error (freeUid): %s<br>\n", ldap_error($ds)); + return false; + } + + ldap_close($ds); + + if (defined('_DATADIR') + && isset($AUTH[$toPolicy]['createAccountScript']) + && file_exists(_DATADIR) + ) { + $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['createAccountScript'],'a+'); + if ($sfp) { + fwrite($sfp,"\n# $userAccount l.trehoz.sa\n"); + fwrite($sfp,'/bin/mkdir -p '.$info['homedirectory']."\n"); + fwrite($sfp,'/bin/chmod 2755 '.$info['homedirectory']."\n"); + fwrite($sfp,"/bin/chown $userAccount.$userAccount ".$info['homedirectory']."\n"); + + fwrite($sfp,'/bin/mkdir '.$info['homedirectory']."/private\n"); + fwrite($sfp,"/bin/chown $userAccount.$userAccount ".$info['homedirectory']."/private\n"); + fwrite($sfp,'/bin/chmod 0770 '.$info['homedirectory']."/private\n"); + + fwrite($sfp,'/bin/mkdir '.$info['homedirectory']."/public_html\n"); + fwrite($sfp,"/bin/chown $userAccount.$userAccount ".$info['homedirectory']."/public_html\n"); + fwrite($sfp,'/bin/chmod 0755 '.$info['homedirectory']."/public_html\n"); + + fwrite($sfp,'/bin/ln -s '.$info['homedirectory']." /home\n"); +// chmod($scriptFile,0770); + fclose($sfp); + } + } + $_SESSION['alert'][] = 'info:create_uid_success:'.$dn; + return true; + + } + +?> diff --git a/mayor-orig/www/include/backend/ldap/session/createGroup.php b/mayor-orig/www/include/backend/ldap/session/createGroup.php new file mode 100644 index 00000000..df2de812 --- /dev/null +++ b/mayor-orig/www/include/backend/ldap/session/createGroup.php @@ -0,0 +1,103 @@ +<?php +/* + Modules: base/session +*/ + + function ldapCreateGroup($groupCn, $groupDesc, $toPolicy = _POLICY, $SET) { + + global $AUTH; + $category = ekezettelen($SET['category']); + + // $toPolicy --> ldap backend - ellenőrzés! + if ($AUTH[$toPolicy]['backend'] != 'ldap') { + $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend']; + return false; + } + + // Kapcsolódás az LDAP szerverhez + $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); + if (!$ds) { + $_SESSION['alert'][] = 'alert:ldap_connect_failure'; + return false; + } + + // Csatlakozás a szerverhez + $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); + if (!$r) { + $_SESSION['alert'][] = 'message:ldap_bind_failure'; + ldap_close($ds); + return false; + } + + $info = $groupinfo = $oinfo = Array(); + + // cn ütközés ellenőrzése + $filter = "(&(objectclass=posixgroup)(cn=$groupCn))"; + $justthese = array('cn'); + $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); + $ginfo = ldap_get_entries($ds, $sr); + $gCount = $ginfo['count']; + ldap_free_result($sr); + if ($gCount > 0) { + $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn; + return false; + } + + // Az következő gidNumber megállapítása + $filter = '(objectClass=mayorOrganization)'; + $justthese = array('nextgid', 'freegid'); + $sr = ldap_search($ds,$AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); + $ginfo = ldap_get_entries($ds,$sr); + ldap_free_result($sr); + if (isset($ginfo[0]['freegid']['count'])) $freeGidCount = $ginfo[0]['freegid']['count']; + else $freeGidCount = 0; + if ($freeGidCount == 0) { + $info['gidnumber'] = array($ginfo[0]['nextgid'][0]); + $oinfo['nextgid'] = $info['gidnumber'][0]+1; + } else { + $info['gidnumber'] = array($ginfo[0]['freegid'][$freeGidCount-1]); + $oinfo['freegid'] = $ginfo[0]['freegid'][$freeGidCount-1]; + } + + // A szokásos attribútumok + $info['cn'] = array($groupCn); + $info['description'] = array($groupDesc); + + // A kategória függő attribútumok + if (isset($SET['container'])) $dn = "cn=$groupCn,".$SET['container']; + else $dn = "cn=$groupCn,ou=Groups,ou=$category,".$AUTH[$toPolicy]['ldap base dn']; + + // objectum osztályok + $info['objectclass'] = array('posixGroup', 'mayorGroup'); + + // Policy függő attribútumok - LDAP esetén pl a member kötelező + if (is_array($SET['policyAttrs'])) foreach ($SET['policyAttrs'] as $attr => $value) $info[kisbetus($attr)] = $value; + + // csoport felvétel + $_r1 = ldap_add($ds,$dn,$info); + if (!$_r1) { + printf("LDAP-Error: %s<br>\n", ldap_error($ds)); + echo $dn.'<hr>'; + var_dump($info); + echo '<hr>'; + var_dump($SET); + } + + // nextuid növelés + if ($freeGidCount == 0) { + $_r4 = ldap_mod_replace($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo); + } else { + $_r4 = ldap_mod_del($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo); + } +// if (!$_r4) { +// printf("LDAP-Error: %s<br>\n", ldap_error($_r4)); +// } + + ldap_close($ds); + + $_SESSION['alert'][] = 'info:create_group_success:'.$dn; + return true; + + } + +?> diff --git a/mayor-orig/www/include/backend/ldap/session/search/searchAccount.php b/mayor-orig/www/include/backend/ldap/session/search/searchAccount.php new file mode 100644 index 00000000..62e19c5f --- /dev/null +++ b/mayor-orig/www/include/backend/ldap/session/search/searchAccount.php @@ -0,0 +1,311 @@ +<?php +/* + Module: base/session + Backend: ldap + + ! -- Csak publikus mezőkre lehet keresni! -- ! + function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)') + function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn')) + function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = '') { + +*/ + +###################################################### +# Általános LDAP kereső függvény +###################################################### + + function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)', $toPolicy = _POLICY) { + + global $AUTH; + + if ($pattern == '') { + $_SESSION['alert'][] = 'message:empty_field'; + return false; + } + + // Kapcsolódás az LDAP szerverhez + $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); + if (!$ds) { + $_SESSION['alert'][] = 'alert:ldap_connect_failure'; + return false; + } + + // Csatlakozás a szerverhez + $r = @ldap_bind($ds); + if (!$r) { + $_SESSION['alert'][] = 'message:ldap_bind_failure'; + ldap_close($ds); + return false; + } + + // Keresés + $filter = "(&$filter($attr=*$pattern*))"; + $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $searchAttrs); + if (!$sr) { + $_SESSION['alert'][] = "message:ldap_search_failure:".$filter; + ldap_close($ds); + return false; + } + + $info = @ldap_get_entries($ds,$sr); + ldap_close($ds); + + return $info; + + } + +###################################################### +# ldapSearchAccount - felhasználó kereső függvény +###################################################### + + function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) { + + global $accountAttrToLDAP; + + // A keresendő attribútum konvertálása LDAP attribútummá + if ($accountAttrToLDAP[ $attr ] != '') $attrLDAP = $accountAttrToLDAP[ $attr ]; + else $attrLDAP = $attr; + if ($attrLDAP == 'dn') $attrLDAP = 'uid'; // dn-re nem megy a keresés!! + + // A lekérendő attribútumok konvertálása LDAP attribútummá + for ($i = 0; $i < count($searchAttrs); $i++) { + if ($accountAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $accountAttrToLDAP[ $searchAttrs[$i] ]; + else $searchAttrsLDAP[$i] = $searchAttrs[$i]; + } + + $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass=posixaccount)', $toPolicy); + if ($result === false) { + return false; + } else { + + // LDAP schema --> mayor schema konverzió + for ($i = 0; $i < $result['count']; $i++) { + // Egységes szerkezetre alakítjuk, azaz a dn is indexelt + $result[$i]['dn'] = $return[$i]['userAccount'] = array('count' => 1, 0 => $result[$i]['dn']); + for ($j = 0; $j < count($searchAttrs); $j++) { + $a = $searchAttrs[$j]; + if (isset($result[$i][ $accountAttrToLDAP[$a] ])) { + if ($accountAttrToLDAP[$a] != '') $return[$i][$a] = $result[$i][ $accountAttrToLDAP[$a] ]; + else $return[$i][$a] = $result[$i][$a]; + } else { + $return[$i][$a] = array('count' => 0) ; + } + } + $return[$i]['category'] = getAccountCategories($result[$i]['uid'][0], $toPolicy); + $return[$i]['category']['count'] = count($return[$i]['category']); + } + $return['count'] = $result['count']; + + return $return; + + } + + } + +###################################################### +# ldapSearchGroup - csoport kereső függvény +###################################################### + + function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = _POLICY) { + + global $groupAttrToLDAP; + + // A keresendő attribútum konvertálása LDAP attribútummá + if ($groupAttrToLDAP[ $attr ] != '') $attrLDAP = $groupAttrToLDAP[ $attr ]; + else $attrLDAP = $attr; + if ($attrLDAP == 'dn') $attrLDAP = 'cn'; // dn-re nem megy a keresés!! + + // A lekérendő adtibútumok konvertálása LDAP attribútummá + for ($i = 0; $i < count($searchAttrs); $i++) { + if ($groupAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $groupAttrToLDAP[ $searchAttrs[$i] ]; + else $searchAttrsLDAP[$i] = $searchAttrs[$i]; + } + + $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass=posixgroup)', $toPolicy); + if ($result === false) { + return false; + } else { + + // LDAP schema --> mayor schema konverzió + for ($i = 0; $i < $result['count']; $i++) { + // Egységes szerkezetre alakítjuk, azaz a dn is indexelt + $result[$i]['dn'] = $return[$i]['groupCn'] = array('count' => 1, 0 => $result[$i]['dn']); + for ($j = 0; $j < count($searchAttrs); $j++) { + $a = $searchAttrs[$j]; + if (!isset($groupAttrToLDAP[$a]) || $groupAttrToLDAP[$a] != '') { + if (isset($result[$i][ $groupAttrToLDAP[$a] ])) $return[$i][$a] = $result[$i][ $groupAttrToLDAP[$a] ]; + else $return[$i][$a] = ''; + } else { + $return[$i][$a] = $result[$i][$a]; + } + } + } + $return['count'] = $result['count']; + + return $return; + + } + + } + +###################################################### +# ldapDeleteAccount - account törlése +###################################################### + + function ldapDeleteAccount($userAccount, $toPolicy = _POLICY) { + + global $AUTH; + + $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); + + // $toPolicy --> ldap backend - ellenőrzés + if ($AUTH[$toPolicy]['backend'] != 'ldap') { + $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend']; + return false; + } + + // Kapcsolódás az LDAP szerverhez + $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); + if (!$ds) { + $_SESSION['alert'][] = 'alert:ldap_connect_failure'; + return false; + } + + // Csatlakozás a szerverhez + $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); + if (!$r) { + $_SESSION['alert'][] = 'message:ldap_bind_failure'; + ldap_close($ds); + return false; + } + + // Az uidNumber, a homeDirectory lekerdezése + $filter = "(objectclass=posixAccount)"; + $justthese = array('uidNumber','homedirectory'); + $sr = @ldap_search($ds,$userDn,$filter,$justthese); + if (!$sr) { + $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn; + ldap_close($ds); + return false; + } ; + + $uidinfo = @ldap_get_entries($ds,$sr); + $uidNumber = $uidinfo[0]['uidnumber'][0]; + if (isset($uidinfo[0]['homedirectory'][0])) $homeDirectory = $uidinfo[0]['homedirectory'][0]; + else $homeDirectory = ''; + $uid=$userAccount; + + // GroupDn, freeuid + $groupDn = "cn=$uid,ou=Groups".strstr($userDn,','); + $oinfo['freeuid'] = $uidNumber; + + // user törlése + if (!@ldap_delete($ds,$userDn)) { + $_SESSION['alert'][] = 'message:ldap_delete_failure:user:'.$userAccount; + } + + // freeuid felvétele + if (!@ldap_mod_add($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo)) { + $_SESSION['alert'][] = 'message:ldap_modify_failure:freeuid:'.$oinfo['freeuid']; + } + + // csoport törlése + if (!@ldap_delete($ds,$groupDn)) { + $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupDn; + } + + // törlés a csoportból + $filter = "(memberuid=$uid)"; + $justthese = array('cn','objectclass','member'); + $sr = @ldap_search($ds,$AUTH[$toPolicy]['ldap base dn'],$filter,$justthese); + if (!$sr) { + $_SESSION['alert'][] = "message:ldap_search_failure:groups:".$userAccount; + ldap_close($ds); + return false; + } ; + + $groupinfo = ldap_get_entries($ds,$sr); + + for ($i = 0; $i < $groupinfo['count']; $i++) { + $grpinfo = array('memberuid' => $uid); + if (@in_array($userDn,$groupinfo[$i]['member'])) { + $grpinfo['member']=$userDn; + } + if (!@ldap_mod_del($ds,$groupinfo[$i]['dn'],$grpinfo)) { + $_SESSION['alert'][] = 'message:ldap_delete_failure:member:'.$groupinfo[$i]['dn']; + } + } + + ldap_close($ds); + + $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn; + return true; + + } + +###################################################### +# ldapDeleteGroup - account törlése +###################################################### + + function ldapDeleteGroup($groupCn, $toPolicy = _POLICY) { + + global $AUTH; + + $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy); + + // $toPolicy --> ldap backend - ellenőrzés + if ($AUTH[$toPolicy]['backend'] != 'ldap') { + $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend']; + return false; + } + + // Kapcsolódás az LDAP szerverhez + $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); + if (!$ds) { + $_SESSION['alert'][] = 'alert:ldap_connect_failure'; + return false; + } + + // Csatlakozás a szerverhez + $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); + if (!$r) { + $_SESSION['alert'][] = 'message:ldap_bind_failure'; + ldap_close($ds); + return false; + } + + // Az uidNumber, a homeDirectory lekerdezése + $filter = '(objectclass=posixGroup)'; + $justthese = array('gidNumber'); + $sr = @ldap_search($ds, $groupDn, $filter, $justthese); + if (!$sr) { + $_SESSION['alert'][] = 'message:ldap_search_failure:'.$userDn; + ldap_close($ds); + return false; + } ; + + $gidinfo = ldap_get_entries($ds, $sr); + $gidNumber = $gidinfo[0]['gidnumber'][0]; + + // freeGid + $oinfo['freegid'] = $gidNumber; + + if (!@ldap_delete($ds, $groupDn)) { + $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupCn; + } + + // freeuid felvétele + if (!@ldap_mod_add($ds, $AUTH[$toPolicy]['ldap base dn'], $oinfo)) { + $_SESSION['alert'][] = 'message:ldap_modify_failure:freeGid:'.$oinfo['freegid']; + } + + ldap_close($ds); + + $_SESSION['alert'][] = 'info:delete_group_success:'.$groupCn; + return true; + + } + + + +?> |