Diffstat (limited to 'mayor-orig/www/include/backend')
-rw-r--r--mayor-orig/www/include/backend/ads/auth/login.php358
-rw-r--r--mayor-orig/www/include/backend/ads/base/attrs.php160
-rw-r--r--mayor-orig/www/include/backend/ads/password/changePassword.php165
-rw-r--r--mayor-orig/www/include/backend/ads/session/accountInfo.php416
-rw-r--r--mayor-orig/www/include/backend/ads/session/base.php188
-rw-r--r--mayor-orig/www/include/backend/ads/session/createAccount.php157
-rw-r--r--mayor-orig/www/include/backend/ads/session/createGroup.php82
-rw-r--r--mayor-orig/www/include/backend/ads/session/search/searchAccount.php277
-rw-r--r--mayor-orig/www/include/backend/file/auth/login.php121
-rw-r--r--mayor-orig/www/include/backend/file/session/base.php6
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/auth/login.php163
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/base/attrs.php146
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/password/changePassword.php161
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/session/accountInfo.php401
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/session/base.php184
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/session/createAccount.php157
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/session/createGroup.php82
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/session/search/searchAccount.php271
-rw-r--r--mayor-orig/www/include/backend/ldap/auth/login.php144
-rw-r--r--mayor-orig/www/include/backend/ldap/base/attrs.php120
-rw-r--r--mayor-orig/www/include/backend/ldap/base/attrs.php.orig175
-rw-r--r--mayor-orig/www/include/backend/ldap/base/str.php53
-rw-r--r--mayor-orig/www/include/backend/ldap/password/changePassword.php102
-rw-r--r--mayor-orig/www/include/backend/ldap/session/accountInfo.php401
-rw-r--r--mayor-orig/www/include/backend/ldap/session/base.php255
-rw-r--r--mayor-orig/www/include/backend/ldap/session/createAccount.php204
-rw-r--r--mayor-orig/www/include/backend/ldap/session/createGroup.php103
-rw-r--r--mayor-orig/www/include/backend/ldap/session/search/searchAccount.php311
-rw-r--r--mayor-orig/www/include/backend/ldapng/auth/login.php163
-rw-r--r--mayor-orig/www/include/backend/ldapng/base/attrs.php137
-rw-r--r--mayor-orig/www/include/backend/ldapng/password/changePassword.php160
-rw-r--r--mayor-orig/www/include/backend/ldapng/session/accountInfo.php399
-rw-r--r--mayor-orig/www/include/backend/ldapng/session/base.php190
-rw-r--r--mayor-orig/www/include/backend/ldapng/session/createAccount.php157
-rw-r--r--mayor-orig/www/include/backend/ldapng/session/createGroup.php82
-rw-r--r--mayor-orig/www/include/backend/ldapng/session/search/searchAccount.php271
-rw-r--r--mayor-orig/www/include/backend/mysql/auth/login.php144
-rw-r--r--mayor-orig/www/include/backend/mysql/base/attrs.php48
-rw-r--r--mayor-orig/www/include/backend/mysql/password/changePassword.php75
-rw-r--r--mayor-orig/www/include/backend/mysql/session/accountInfo.php258
-rw-r--r--mayor-orig/www/include/backend/mysql/session/base.php52
-rw-r--r--mayor-orig/www/include/backend/mysql/session/createAccount.php106
-rw-r--r--mayor-orig/www/include/backend/mysql/session/createGroup.php37
-rw-r--r--mayor-orig/www/include/backend/mysql/session/search/searchAccount.php169
44 files changed, 7811 insertions, 0 deletions
diff --git a/mayor-orig/www/include/backend/ads/auth/login.php b/mayor-orig/www/include/backend/ads/auth/login.php
new file mode 100644
index 00000000..59cbf3e5
--- /dev/null
+++ b/mayor-orig/www/include/backend/ads/auth/login.php
@@ -0,0 +1,358 @@
+<?php
+/*
+ Auth-ADS
+
+ A név-jelszó pár ellenőrzése Active Directory adatbázis alapján
+*/
+
+/* --------------------------------------------------------------
+
+ Felhasználók azonosítása az AD-ban tárolt person (konfigurálható)
+ osztályok alapján történik.
+
+ A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE
+ konstansok valamelyikével tér vissza. (include/modules/auth/base/config.php)
+
+ Sikeres hitelesítés esetén
+ az egyéb account információkat (minimálisan a 'cn', azaz 'common name'
+ attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el.
+
+ Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az
+ elutasítás okát.
+
+-------------------------------------------------------------- */
+
+######################################################################
+# Az LDAP protocol version 3 kötelező,
+# referals=0 nélkül használhatatlanul lassú
+######################################################################
+
+ ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0);
+
+ /**
+ * A userAccountControl pár fontos flag-e:
+ *
+ * Forrás: http://msdn.microsoft.com/en-us/library/windows/desktop/ms680832%28v=vs.85%29.aspx
+ *
+ * 512 Enabled Account
+ * 514 Disabled Account
+ * 544 Enabled, Password Not Required
+ * 546 Disabled, Password Not Required
+ * 66048 Enabled, Password Doesn't Expire
+ * 66050 Disabled, Password Doesn't Expire
+ * 66080 Enabled, Password Doesn't Expire & Not Required
+ * 66082 Disabled, Password Doesn't Expire & Not Required
+ * 590336 Enabled, User Cannot Change Password, Password Never Expires
+ *
+ * Ha pwdLastSet=0 és UF_DONT_EXPIRE_PASSWD=0, akkor következő bejelentkezéskor jelszót _kell_ változtatni.
+ **/
+ define('ADS_UF_ACCOUNTDISABLE',0x00000002); // The user account is disabled.
+ define('ADS_UF_PASSWD_NOTREQD',0x00000020); // No password is required.
+ define('ADS_UF_PASSWD_CANT_CHANGE',0x00000040); // The user cannot change the password.
+ define('ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED',0x00000080); // The user can send an encrypted password.
+ define('ADS_UF_NORMAL_ACCOUNT',0x00000200); // This is a default account type that represents a typical user.
+ define('ADS_UF_DONT_EXPIRE_PASSWD',0x00010000); // The password for this account will never expire.
+ define('ADS_UF_PASSWORD_EXPIRED',0x00800000); // The user password has expired.
+
+ /**
+ * Ha az accountExpires = 0 or 0x7FFFFFFFFFFFFFFF (9223372036854775807), akkor az account sose jár le. (nem a jelszó! az account.)
+ **/
+ define('ADS_ACCOUNTEXPIRES_NEVER','9223372036854775807');
+
+ /**
+ * Forrás: http://msdn.microsoft.com/en-us/library/windows/desktop/ms724284%28v=VS.85%29.aspx
+ * - unixDays - Az eltelt napok száma 1970-01-01-től
+ * - unixTimestamp - Az eltelt másodpercek száma 1970-01-01 00:00:00-től
+ * - msFileTime - A 1601-01-01 00:00:00-tól elteltt 100 nanosecundum-os intervallumok száma (1/10000000 sec)
+ **/
+ function msFileTime2unixDays($pwdLastSet) {
+ return floor((($pwdLastSet / 10000000) - 11644406783) / 86400);
+ }
+ function msFileTime2unixTimestamp($pwdLastSet) {
+ return bcsub(bcdiv($pwdLastSet, '10000000'), '11644473600');
+ }
+
+ function getAccountStatus($userAccount, $toPolicy, $userinfo, $ds) {
+
+ /**
+ * Meghatározza a felhasználói jelszó lejárati dátumát és az account egyéb fontos jellemzőit
+ *
+ * @params: $userAccount - a lekérdezendő account
+ * @params: $userinfo - A user adatait tartalmazó korábbi LDAP lekérdezés eredménye (useraccountcontrol, pwdlastchange)
+ * @params: $ds - LDAP csatlakozás azonosító
+ * @requires: bcmath http://www.php.net/manual/en/book.bc.php
+ * MSDN: http://msdn.microsoft.com/en-us/library/ms974598.aspx - a pwdLastSet 64 bites integer
+ * @return: array
+ * @param book $isGUID Is the username passed a GUID or a samAccountName
+ **/
+ global $AUTH;
+
+ if ($toPolicy == '') $toPolicy = _POLICY;
+ if (!function_exists('bcmod')) {
+ $_SESSION['alert'][] = 'message:system_error:Nem támogatott függvényhívás [bcmod]! http://www.php.net/manual/en/book.bc.php';
+ return false;
+ };
+
+ if (!$ds) {
+ $closeLDAP = true;
+ // Csatlakozzunk az LDAP kiszolgálóhoz!
+ // Kapcsolódás a szerverhez
+ $ds = ldap_connect($AUTH[$toPolicy]['adsHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds,$AUTH[$toPolicy]['adsUser'],$AUTH[$toPolicy]['adsPw']);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ return false;
+ }
+ }
+
+ if (!is_array($userinfo)) {
+ // Kérdezzük le az account adatait!
+ $filter="(&(sAMAccountName=$userAccount)(objectClass=".$AUTH[$toPolicy]['adsUserObjectClass']."))";
+ $justthese = array("sn","cn",$AUTH[$toPolicy]['adsStudyIdAttr'],"shadowexpire","shadowwarning","shadowinactive","shadowlastchange","shadowmax","pwdlastset","accountexpires","useraccountcontrol");
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure";
+ if ($closeLDAP) ldap_close($ds);
+ return false;
+ }
+ $userinfo = ldap_get_entries($ds,$sr);
+ if ( $userinfo['count'] === 0 || is_null($userinfo)) { // http://bugs.php.net/50185 ha nincs megfelelő elem, akkor - hibásan - null-al tér vissza! (~ PHP 5.2.10)
+ // Nincs ilyen userAccount (uid)
+ $_SESSION['alert'][] = "message:no_account:$userAccount";
+ if ($closeLDAP) ldap_close($ds);
+ return false;
+ }
+ if ( $userinfo['count'] > 1 ) {
+ // Több ilyen uid is van
+ $_SESSION['alert'][] = "message:multi_uid";
+ if ($closeLDAP) ldap_close($ds);
+ return false;
+ }
+ }
+ $pwdlastset = $userinfo[0]['pwdlastset'][0];
+ $userAccountControl = $userinfo[0]['useraccountcontrol'][0];
+
+ $status = array();
+
+ $status['pwdLastSet'] = $pwdlastset;
+ $status['pwdLastSetDt'] = date('Y-m-d H:i:s',msFileTime2unixTimestamp($pwdlastset));
+ $status['accountExpires'] = $userinfo[0]['accountexpires'][0];
+ $status['accountNeverExpires'] = (ADS_ACCOUNTEXPIRES_NEVER==$userinfo[0]['accountexpires'][0]) || ($userinfo[0]['accountexpires'][0] == 0);
+ if (!$status['accountNeverExpires']) {
+ $status['accountExpiresDt'] = date('Y-m-d H:i:s',msFileTime2unixTimestamp($userinfo[0]['accountexpires'][0]));
+ $status['accountExpiresTimestamp'] = msFileTime2unixTimestamp($userinfo[0]['accountexpires'][0]);
+ }
+ $status['accountDisabled'] = (bool)($userAccountControl & ADS_UF_ACCOUNTDISABLE);
+ $status['noPasswordRequired'] = (bool)($userAccountControl & ADS_UF_PASSWD_NOTREQD);
+ $status['cannotChangePassword'] = (bool)($userAccountControl & ADS_UF_PASSWD_CANT_CHANGE);
+ $status['normalAccount'] = (bool)($userAccountControl & ADS_UF_NORMAL_ACCOUNT);
+ $status['passwordNeverExpire'] = (bool)($userAccountControl & ADS_UF_DONT_EXPIRE_PASSWD);
+ $status['passwordExpired'] = (bool)($userAccountControl & ADS_UF_PASSWORD_EXPIRED); // Ez mintha nem működne...
+ $status['mustChangePassword'] = ($pwdlastset === '0' && $status['passwordNeverExpire']);
+
+ // A jelszó lejárati dátum az AD-ben két értékből számítható ki:
+ // - A felhasználó saját pwdLastSet atribútuma: ez tárolja a jelszó utolsó módosításának időpontját
+ // - A tartomány maxPwdAge atribútuma: milyen hosszú ideig lehet érvényes a jelszó a tartományban
+ //
+ // A Microsoft persze saját kiindulási időpontot és lépési egységet használ az idő tárolására.
+ // Ez a függvény konvertálja ezt az értéket Unix időbélyeggé
+
+ // Kérdezzük le a tartomány maxPwdAge attribútumát!
+ $sr = ldap_read($ds, $AUTH[$toPolicy]['adsBaseDn'], 'objectclass=domain', array('maxPwdAge'));
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:getAccountStatus (ads backend)";
+ if ($closeLDAP) ldap_close($ds);
+ return false;
+ }
+ $info = ldap_get_entries($ds, $sr);
+ $maxpwdage = $info[0]['maxpwdage'][0];
+
+ // Lásd MSDN: http://msdn.microsoft.com/en-us/library/ms974598.aspx
+ //
+ // pwdLastSet tartalmazza az 1601 (UTC) január 1 óta eltelt 100 nanoszekundumos időintervallumok számát
+ // 64 bit-es integer típusú értékként
+ //
+ // Ettől az időponttól a Unix időszámítás kezdetéig eltelt másodpercek száma 11644473600.
+ //
+ // maxPwdAge szintén large integer, ami a jelszóváltoztatás és a jelszó lejárat közötti 100 nanoszekundumos időintervallumok számát tárolja
+
+ $status['maxPwdAgeInDays'] = bcdiv(bcsub(0,$maxpwdage),'36000000000')/24;
+
+ // Ezt az étéket át kell váltanunk másodpercekre, de ez egy negatív mennyiség!
+ //
+ // Ha a maxPwdAge alsó 32 bites része 0, akkor a jelszavak nem járnak le
+ //
+ // Sajnos ezek a számok túl nagyok a PHP integer típusához, ezért kell a BCMath függvényeit használnunk
+
+ $status['passwordsDoNotExpireInDomain'] = (bcmod($maxpwdage, 4294967296) === '0');
+
+ // Adjuk össze a pwdlastset és maxpwdage értékeket (pontosabban az utóbbi negatív értéket
+ // vonjuk ki az előbbiből), így megkapjuk a jelszó lejáratának időpontját a Microsoft féle
+ // egységekben.
+ $pwdexpire = bcsub($pwdlastset, $maxpwdage);
+
+ // Konvertáljuk az MS féle időt unix időre
+ $status['expiryTimestamp'] = bcsub(bcdiv($pwdexpire, '10000000'), '11644473600');
+ $status['expiryDate'] = date('Y-m-d H:i:s', bcsub(bcdiv($pwdexpire, '10000000'), '11644473600'));
+
+ if ($closeLDAP) ldap_close($ds);
+
+ $status['userAccount'] = $userAccount;
+ $status['usetAccountControl'] = $userAccountControl;
+ $status['shadowLastChange'] = $userinfo[0]['shadowlastchange'][0];
+ $status['shadowWarning'] = $userinfo[0]['shadowwarning'][0];
+ $status['shadowInactive'] = $userinfo[0]['shadowinactive'][0];
+ return array_merge($status);
+
+
+ }
+
+ function adsUserAuthentication($userAccount, $userPassword, &$accountInformation, $toPolicy) {
+
+ global $AUTH;
+
+ if ($toPolicy == '') {
+ if ($accountInformation['policy'] != '') $toPolicy = $accountInformation['policy'];
+// elseif ($_REQUEST['toPolicy'] != '') $toPolicy = $_REQUEST['toPolicy'];
+ else $toPolicy = _POLICY;
+ }
+
+ // Kapcsolódás a szerverhez
+ $ds = ldap_connect($AUTH[$toPolicy]['adsHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return _AUTH_FAILURE;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds,$AUTH[$toPolicy]['adsUser'],$AUTH[$toPolicy]['adsPw']);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ return _AUTH_FAILURE;
+ }
+
+ // Van-e adott azonosítójú felhasználó?
+ $filter="(&(sAMAccountName=$userAccount)(objectClass=".$AUTH[$toPolicy]['adsUserObjectClass']."))";
+ $justthese = array("sn","cn",$AUTH[$toPolicy]['adsStudyIdAttr'],"shadowexpire","shadowwarning","shadowinactive","shadowlastchange","shadowmax","pwdlastset","accountexpires","useraccountcontrol");
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure";
+ ldap_close($ds);
+ return _AUTH_FAILURE;
+ }
+ $info = ldap_get_entries($ds,$sr);
+ if ( $info['count'] === 0 || is_null($info)) { // http://bugs.php.net/50185 ha nincs megfelelő elem, akkor - hibásan - null-al tér vissza! (~ PHP 5.2.10)
+ // Nincs ilyen userAccount (uid)
+ $_SESSION['alert'][] = "message:no_account:$userAccount";
+ ldap_close($ds);
+ return _AUTH_FAILURE_1;
+ }
+
+ if ( $info['count'] > 1 ) {
+ // Több ilyen uid is van
+ $_SESSION['alert'][] = "message:multi_uid";
+ ldap_close($ds);
+ return _AUTH_FAILURE_2;
+ }
+
+ if ($info['count']==1) { // Van - egy - ilyen felhasználó
+
+ $status = getAccountStatus($userAccount, $toPolicy, $info, $ds);
+ // Lejárt-e
+ // A lejárat ideje a shadowExpire és shadowLastChange+shadowMax kötül a kisebbik
+ // Esetünkben
+ if ($info[0]['pwdlastset'][0] != '') { // A pwdLastSet és shadowLastChange közül a kisebbiket használjuk
+ $info[0]['shadowlastchange'][0] = msFileTime2unixDays($info[0]['pwdlastset'][0]);
+ }
+
+ // A globális beállítással kikényszeríthető a nagyobb warning időszak
+ $shadowWarning = ($status['shadowWarning']<$AUTH[$toPolicy]['shadowWarning']) ? $AUTH[$toPolicy]['shadowWarning'] : $status['shadowWarning'];
+
+
+ $disabled = ( // Ha az jelszavak lejárhatnak a domain-ben és a user jellszava is lejárhat és le is járt...
+ !$status['passwordNeverExpire']
+ && !$status['passwordsDoNotExpireInDomain']
+ && $status['expiryTimestamp'] < time()
+ ) || ( // vagy az account lejárhat és le is járt
+ !$status['accountNeverExpires']
+ && $status['accountExpiresTimestamp']<time()
+ ); // Akkor már nem lehet belépni/jelszót változtatni...
+ $expired = ( // Ha a jelszavak lejárhatnak és a user jelszava is lejárhat, és shadowwarning-on belül le fog járni a jelszó
+ !$status['passwordNeverExpire']
+ && !$status['passwordsDoNotExpireInDomain']
+ && $status['expiryTimestamp'] - ($shadowWarning*24*60*60) < time()
+ ) || ( // Ha az account lejárhat és shadow warning-on belül le is fog járni az account
+ !$status['accountNeverExpires']
+ && $status['accountExpiresTimestamp'] - ($shadowWarning*24*60*60) < time()
+ ); // ...
+
+ /**
+ * Más backend-ben csak $AUTH[$toPolicy]['onDisabled'] == 'refuse' esetén utasítanánk el, de itt nincs más lehetőség...
+ **/
+ if ($disabled) {
+ $_SESSION['alert'][] = 'message:account_disabled';
+ ldap_close($ds);
+ return _AUTH_FAILURE_4;
+ }
+
+ $accountInformation['cn'] = $info[0]['cn'][0];
+ $accountInformation['studyId'] = $info[0][ $AUTH[$toPolicy]['adsStudyIdAttr'] ][0];
+ $accountInformation['dn'] = $info[0]['dn'];
+ $accountInformation['account'] = $userAccount;
+ // Jelszó ellenőrzés - lehet-e csatlakozni
+ if (!@ldap_bind($ds, $accountInformation['dn'], $userPassword)) {
+ $_SESSION['alert'][] = 'message:bad_pw';
+ return _AUTH_FAILURE_3;
+ }
+
+ ldap_close($ds);
+ if (!$expired || $AUTH[$toPolicy]['onExpired'] == 'none') {
+ return _AUTH_SUCCESS;
+ } else {
+ $pwLejar = floor(($status['expiryTimestamp'] - time()) / 86400);
+ $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar;
+ $_SESSION['alert'][] = 'info:warn_account_disable:'.$pwLejar; // más backend esetén csak onDisable=refuse esetén szoktuk...
+ if ($AUTH[$toPolicy]['onExpired'] == 'warning') {
+ return _AUTH_SUCCESS;
+ } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') {
+ return _AUTH_EXPIRED;
+ } else {
+ return _AUTH_FAILURE;
+ }
+ }
+
+/*
+ // Lejárt-e az azonosító
+ if ($AUTH[$toPolicy]['onExpired'] != 'none' && isset($expireTimestamp)) { // onExpired: none | warning | force update
+ // Lejárt-e
+ $pwLejar = $expireTimestamp - floor(time()/(60*60*24));
+ if (0 < $pwLejar && $pwLejar < $info[0]['shadowwarning'][0]) {
+ $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar;
+ return _AUTH_SUCCESS;
+ } elseif ($pwLejar <= 0) {
+ $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar);
+ if ($AUTH[$toPolicy]['onDisabled'] == 'refuse') $_SESSION['alert'][] = 'info:warn_account_disable:'.($info[0]['shadowinactive'][0]+$pwLejar);
+ if ($AUTH[$toPolicy]['onExpired'] == 'warning') {
+ return _AUTH_SUCCESS;
+ } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') {
+ return _AUTH_EXPIRED;
+ } else {
+ return _AUTH_FAILURE;
+ }
+ }
+ } // onExpired
+ // Ha idáig eljut, akkor minden rendben.
+ return _AUTH_SUCCESS;
+*/
+ } // count == 1
+
+ }
+
+?>
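Review bot: `adsUserAuthentication` passes `$userPassword` unchecked to `ldap_bind($ds, $accountInformation['dn'], $userPassword)`, and many directory servers treat a simple bind with a DN and an empty password as an unauthenticated bind that succeeds. Unless a caller outside this file already rejects empty passwords, the function could return `_AUTH_SUCCESS` without any credential being verified; I would add `if ($userPassword === '') { $_SESSION['alert'][] = 'message:bad_pw'; ldap_close($ds); return _AUTH_FAILURE_3; }` before the bind. The search filter in this function and in `getAccountStatus` also interpolates `$userAccount` unescaped into `(sAMAccountName=$userAccount)`, so filter metacharacters in the login name change the query; build it from `ldap_escape($userAccount, '', LDAP_ESCAPE_FILTER)` where the PHP version provides it (5.6 and later). The existing `bad_pw` branch returns without `ldap_close($ds)`, unlike every other failure path in the function.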
diff --git a/mayor-orig/www/include/backend/ads/base/attrs.php b/mayor-orig/www/include/backend/ads/base/attrs.php
new file mode 100644
index 00000000..e01aa00c
--- /dev/null
+++ b/mayor-orig/www/include/backend/ads/base/attrs.php
@@ -0,0 +1,160 @@
+<?php
+/*
+ Module: useradmin
+*/
+
+ if (file_exists('lang/'._LANG.'/backend/ads/attrs.php')) {
+ require('lang/'._LANG.'/backend/ads/attrs.php');
+ } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/ads/attrs.php')) {
+ require('lang/'._DEFAULT_LANG.'/backend/ads/attrs.php');
+ }
+
+######################################################
+# Alapértelmezett jogosultságok
+#
+# w - Írható/olvasható
+# r - olvasható
+# - - egyik sem
+#
+# Három karakter: admin, self, other jogai
+######################################################
+
+ define('_DEFAULT_ADS_RIGHTS','wr-');
+
+######################################################
+# Az LDAP account attribútumok
+######################################################
+
+ global $adsAccountAttrs;
+ $adsAccountAttrs = array(
+ 'cn',
+ 'sn',
+ 'serialnumber',
+ 'givenname',
+ 'displayname',
+ 'name',
+ 'padpwdcount',
+ 'badpasswordtime',
+ 'lastlogon',
+ 'pwdlastset', // ~ shadowLastChane
+ 'accountexpires', // != shadowExpired - henme mi? 1601.01.01-től (60*60*24*1000*1000*10)*napok száma
+ 'samaccountname',
+ 'userprincipalname',
+ 'useraccountcontrol',
+ 'objectcategory',
+ 'uid',
+ 'mssfu30name',
+ 'uidnumber',
+ 'gidnumber',
+ 'unixhomedirectory',
+ 'loginshell',
+
+ 'shadowlastchange',
+ 'shadowexpire',
+ 'shadowwarning',
+ 'shadowmin',
+ 'shadowmax',
+ 'shadowinactive',
+
+/*
+ 'gecos',
+ 'mail',
+ 'telephonenumber',
+ 'mobile',
+ 'l',
+ 'street',
+ 'postaladdress',
+ 'postalcode',
+ 'homedirectory',
+*/
+ );
+
+ global $adsGroupAttrs;
+ $adsGroupAttrs = array(
+ 'cn',
+ 'description',
+ 'member',
+ 'name',
+ 'samaccountname',
+ 'objectcategory',
+ 'gidnumber', // ennek kellene lennie - mitől lesz?
+/* 'memberuid' */
+ );
+
+ global $accountAttrToADS; // Kis és nagybetű számít!!!
+ $accountAttrToADS = array(
+ 'userAccount' => 'sAMAccountName',
+ 'userCn' => 'displayName',
+ 'mail' => 'mail',
+ 'studyId' => 'serialNumber', // Ez konfig-ban külön van állítva, az itteni érték irreleváns
+ 'shadowLastChange' => 'shadowLastChange',
+ 'shadowWarning' => 'shadowWarning',
+ 'shadowMin' => 'shadowMin',
+ 'shadowMax' => 'shadowMax',
+ 'shadowExpire' => 'shadowExpire',
+ 'shadowInactive' => 'shadowInactive',
+ );
+
+ global $groupAttrToADS;
+ $groupAttrToADS = array(
+ 'groupCn' => 'cn',
+ 'groupDesc' => 'description',
+ 'member' => 'member',
+ );
+
+ global $adsAccountAttrDef;
+ $adsAccountAttrDef = array(
+ 'dn' => array('desc' => _ADSDN, 'type' => 'text', 'rights' => 'rrr'),
+ 'cn' => array('desc' => _ADSCN, 'type' => 'text', 'rights' => 'rrr'),
+ 'sn' => array('desc' => _ADSSN, 'type' => 'text', 'rights' => 'wrr'),
+ 'givenname' => array('desc' => _ADSGIVENNAME, 'type' => 'text'),
+ 'serialnumber' => array('desc' => _ADSSERIALNUMBER, 'type' => 'int', 'rights' => 'wrr'),
+ 'displayname' => array('desc' => _ADSCN, 'type' => 'text', 'rights' => 'wrr'),
+ 'name' => array('desc' => _ADSNAME, 'type' => 'text', 'rights' => 'r--'),
+ 'padpwdcount' => array('desc' => _ADSBADPWDCOUNT, 'type' => 'int', 'rights' => 'wrr'),
+ 'badpasswordtime' => array('desc' => _ADSBADPASSWORDTIME, 'type' => 'int', 'rights' => 'r--'),
+ 'lastlogon' => array('desc' => _ADSLASTLOGON, 'type' => 'int', 'rights' => 'r--'),
+ 'pwdlastset' => array('desc' => _ADSPWDLASTSET, 'type' => 'int', 'rights' => 'r--'),
+ 'accountexpires' => array('desc' => _ADSACCOUNTEXPIRES, 'type' => 'int', 'rights' => 'wrr'),
+ 'samaccountname' => array('desc' => _ADSSAMACCOUNTNAME, 'type' => 'text', 'rights' => 'wrr'),
+ 'useraccountcontrol' => array('desc' => _USERACCOUNTCONTROL, 'type' => 'text', 'rights' => 'wrr'),
+ 'userprincipalname' => array('desc' => _ADSUSERPRINCIPALNAME, 'type' => 'text', 'rights' => 'wrr'),
+ 'objectcategory' => array('desc' => _ADSOBJECTCATEGORY, 'type' => 'text', 'rights' => 'r--'),
+ 'uid' => array('desc' => _ADSUID, 'type' => 'text', 'rights' => 'rrr'),
+ 'uidnumber' => array('desc' => _ADSUIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
+ 'gidnumber' => array('desc' => _ADSGIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
+ 'mssfu30name' => array('desc' => _ADSUID, 'type' => 'text', 'rights' => 'r--'),
+ 'unixhomedirectory' => array('desc' => _ADSUNIXHOMEDIRECTORY, 'type' => 'text', 'rights' => 'wrr'),
+ 'loginshell' => array('desc' => _ADSLOGINSHELL, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowlastchange' => array('desc' => _ADSSHADOWLASTCHANGE, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowexpire' => array('desc' => _ADSSHADOWEXPIRE, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowwarning' => array('desc' => _ADSSHADOWWARNING, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowmin' => array('desc' => _ADSSHADOWMIN, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowmax' => array('desc' => _ADSSHADOWMAX, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowinactive' => array('desc' => _ADSSHADOWINACTICE, 'type' => 'text', 'rights' => 'wrr'),
+/*
+ 'gecos' => array('desc' => _ADSGECOS, 'type' => 'text', 'rights' => 'w--'),
+ 'mail' => array('desc' => _ADSMAIL, 'type' => 'text', 'rights' => 'wwr'),
+ 'telephonenumber' => array('desc' => _ADSTELEPHONENUMBER, 'type' => 'text', 'rights' => 'ww-'),
+ 'mobile' => array('desc' => _ADSMOBILE, 'type' => 'text', 'rights' => 'ww-'),
+ 'l' => array('desc' => _ADSL, 'type' => 'text'),
+ 'street' => array('desc' => _ADSSTREET, 'type' => 'text'),
+ 'postaladdress' => array('desc' => _ADSPOSTALADDRESS, 'type' => 'text'),
+ 'postalcode' => array('desc' => _ADSPOSTALCODE, 'type' => 'text'),
+*/
+ );
+
+ global $adsGroupAttrDef;
+ $adsGroupAttrDef = array(
+ 'cn' => array('desc' => _ADSCN, 'type' => 'text','rights' => 'rrr'),
+ 'name' => array('desc' => _ADSNAME, 'type' => 'text','rights' => 'rrr'),
+ 'samaccountname' => array('desc' => _ADSSAMACCOUNTNAME, 'type' => 'text','rights' => 'wrr'),
+ 'description' => array('desc' => _ADSDESCRIPTION, 'type' => 'text'),
+ 'gidnumber' => array('desc' => _ADSGIDNUMBER, 'type' => 'int','rights' => 'w--'),
+ 'member' => array('desc' => _ADSMEMBER, 'type' => 'select'),
+ 'objectcategory' => array('desc' => _ADSOBJECTCATEGORY, 'type' => 'text','rights' => 'rrr'),
+
+ 'memberuid' => array('desc' => _ADSMEMBERUID, 'type' => 'select'),
+ );
+
+?>
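Review bot: The key `'padpwdcount'` in both `$adsAccountAttrs` and `$adsAccountAttrDef` looks like a typo for the AD attribute `badPwdCount` (its description constant is `_ADSBADPWDCOUNT`), so the failed-logon counter would probably never be requested or shown; `'badpwdcount'` is likely intended in both arrays. The entry is given rights `'wrr'`, while the neighbouring server-maintained values `badpasswordtime` and `lastlogon` are `'r--'`; if the first character is the admin right, as the header comment says, `'r--'` would keep a lockout counter from being editable and hidden from other users. `$adsGroupAttrDef` still defines `memberuid` although it is commented out of `$adsGroupAttrs`, and `_ADSSHADOWINACTICE` should be checked against the language file, which is not part of this hunk.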
diff --git a/mayor-orig/www/include/backend/ads/password/changePassword.php b/mayor-orig/www/include/backend/ads/password/changePassword.php
new file mode 100644
index 00000000..6d686b34
--- /dev/null
+++ b/mayor-orig/www/include/backend/ads/password/changePassword.php
@@ -0,0 +1,165 @@
+<?php
+/*
+
+ Module: base/password
+
+ Active Directory-ban csak ldaps-sel lehet megváltoztatni a jelszót!
+ Az AD a shadow attribútumokat nem kezeli, helyettük más attribútumokat állít automatikusan.
+ De azért beállítjuk őket, abból baj nem lehet...
+
+ function changeMyPassword($userAccount, $userPassword, $newPassword, $verification)
+ A függvény nem vizsgálja, hogy jogosultak vagyunk-e a jelszó megváltoztatására.
+ Ennek eldöntése a függvényt hívó program feladata
+*/
+
+############################################################################
+# Jelszó kódolása az Active Directory számára
+############################################################################
+
+function ADSEncodePassword($password) {
+
+ return mb_convert_encoding("\"".$password."\"", "UTF-16LE", "UTF-8");
+
+}
+
+############################################################################
+# Saját jelszó megváltoztatása
+############################################################################
+
+/* *************************************************************************
+ A leírások szerint a felhasználó maga is megváltoztathatja jelszavát.
+ Ennek módja az unicodePw attribútum törlése (a régi jelszó értéke szerint),
+ és felvétele új értékkel - mindenz elvileg egy lépésben.
+
+ A PHP ldap_mod* függvények ezt az egy lépésben kétféle módosítást nem
+ támogatják. De a helyzet az, hogy a módosítás perl-ből és parancssorból
+ sem működik...
+************************************************************************* */
+
+function changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy = '') {
+
+ global $AUTH;
+
+ if ($toPolicy == '') $toPolicy = $_REQUEST['toPolicy'];
+ $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
+
+ // Csatlakozzás az AD kiszolgálóhoz (SSL szükséges!)
+ $ds = ldap_connect($AUTH[$toPolicy]['adsHostname']);
+ if (!$ds) {
+ // nem sikerült csatlakozni
+ $_SESSION['alert'][] = 'message:ldap_failure';
+ return false;
+ }
+
+ // Az eredeti jelszó ellenőrzése - csatlakozással
+ $b_ok = ldap_bind($ds,$userDn,$userPassword);
+ if (!$b_ok) {
+ // Talán a régi jelszót elgépelte, vagy le van tiltva...
+ $_SESSION['alert'][] = 'message:ldap_bind_failure:'.$userDn.':changeMyPassword - hibás a régi jelszó?';
+ ldap_close($ds);
+ return false;
+ }
+
+ // A régi és új jelszavak átkódolása
+ $newUnicodePwd = base64_encode(ADSEncodePassword($newPassword));
+ $oldUnicodePwd = base64_encode(ADSEncodePassword($userPassword));
+ // A php ldap_mod* függvényei nem tudnak egy lépésben többféle módosítást elküldeni
+ // ezért a parancssoros ldapmodify-t kell meghívnunk...
+ $ldif=<<<EOT
+dn: $userDn
+changetype: modify
+delete: unicodePwd
+unicodePwd:: $oldUnicodePwd
+-
+add: unicodePwd
+unicodePwd:: $newUnicodePwd
+-
+EOT;
+ $cmd = sprintf("/usr/bin/ldapmodify -H %s -D '%s' -x -w %s", $AUTH[$toPolicy]['adsHostname'], $userDn, $userPassword);
+ // KHM!
+ if (($fh = popen($cmd, 'w')) === false ) {
+ // Nem sikerült megnyitni a csatornát - mikor is lehet ilyen? Ha nincs ldapmodify?
+ $_SESSION['alert'][] = 'message:popen_failure';
+ return false;
+ }
+ fwrite($fh, "$ldif\n");
+ pclose($fh);
+
+ // Sikeres volt-e a jelszóváltoztatás? Próbáljunk újra csatlakozni az új jelszóval!
+ if (!@ldap_bind($ds, $userDn, $newPassword)) {
+ $_SESSION['alert'][] = 'message:bad_pw';
+ return false;
+ }
+
+ // Shadow attribútumok beállítása
+ // Ezekre nincs jogosultsága a felhasználónak, így csak AccountOperator-ként módosítható
+ // Ráadásul Windoes alatt változtatva a jelszót ezek nem változnak, így nem lehet számítani rájuk...
+ if (isset($AUTH[$toPolicy]['adsAccountOperatorUser'])) {
+ $shadowLastChange = floor(time()/(60*60*24));
+ $info['shadowLastChange'][0] = $shadowLastChange;
+ if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
+ $info['shadowExpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
+ } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
+ $info['shadowExpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
+ }
+
+ $b_ok = ldap_bind($ds,$AUTH[$toPolicy]['adsAccountOperatorUser'],$AUTH[$toPolicy]['adsAccountOperatorPw']);
+ if (!$b_ok) { $_SESSION['alert'][] = 'message:ldap_bind_failure'; return false; }
+ $r = @ldap_mod_replace($ds, $userDn, $info);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_modify_failure:changeMyPassword';
+ return false;
+ }
+ }
+ ldap_close($ds);
+ $_SESSION['alert'][] = 'info:pw_change_success';
+ return true;
+
+}
+
+############################################################################
+# Adminisztrátori jelszó változtatás
+############################################################################
+
+function changePassword($userAccount, $newPassword, $toPolicy = '') {
+
+ global $AUTH;
+
+ if ($toPolicy == '') $toPolicy = _POLICY;
+ $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
+ $shadowLastChange = floor(time()/(60*60*24));
+
+ $ds = ldap_connect($AUTH[$toPolicy]['adsHostname']);
+ if ($ds) {
+ $b_ok = ldap_bind($ds,BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
+ if ($b_ok) {
+ $info['unicodePwd'][0] = ADSEncodePassword($newPassword);
+ // Ezekre nincs jogosultsága a felhasználónak, nem változnak:
+ // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE
+ $info['shadowLastChange'][0] = $shadowLastChange;
+ if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
+ $info['shadowExpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
+ } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
+ $info['shadowExpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
+ }
+ $r = @ldap_mod_replace($ds,$userDn,$info);
+ ldap_close($ds);
+ if ($r) {
+ $_SESSION['alert'][] = 'info:pw_change_success';
+ return true;
+ } else {
+ $_SESSION['alert'][] = 'message:ldap_modify_failure:changePassword';
+ return false;
+ }
+ } else {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure:'._USERDN.':changePassword';
+ ldap_close($ds);
+ return false;
+ }
+ } else {
+ $_SESSION['alert'][] = 'message:ldap_failure';
+ return false;
+ }
+}
+
+?>
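Review bot: In `changeMyPassword` the `ldapmodify` command line is built with `sprintf` from `$userDn` and `$userPassword` without shell escaping (the `-w %s` argument is not even quoted), so shell metacharacters in the user's current password or DN are interpreted by the shell that `popen()` starts, and the password is visible in the process list while the command runs. At minimum escape every argument: `$cmd = sprintf('/usr/bin/ldapmodify -H %s -D %s -x -w %s', escapeshellarg($AUTH[$toPolicy]['adsHostname']), escapeshellarg($userDn), escapeshellarg($userPassword));`. Better still, pass the bind password through ldapmodify's `-y` password-file option with a private temporary file, so it never appears on argv. The return value of `pclose($fh)` is discarded, so a failed modify is only noticed indirectly by the re-bind, and the `popen_failure`, `bad_pw` and later failure branches return without `ldap_close($ds)`. `$toPolicy` falls back to `$_REQUEST['toPolicy']` here, whereas `changePassword` uses `_POLICY`; a request-supplied value should be checked against the configured keys of `$AUTH` before it is used as an index.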
diff --git a/mayor-orig/www/include/backend/ads/session/accountInfo.php b/mayor-orig/www/include/backend/ads/session/accountInfo.php
new file mode 100644
index 00000000..eef90fd4
--- /dev/null
+++ b/mayor-orig/www/include/backend/ads/session/accountInfo.php
@@ -0,0 +1,416 @@
+<?php
+/*
+ Module: base/auth-ads
+ Backend: ads
+
+ function getADSInfo($userDn, $attrList=array('cn'), $toPolicy = '')
+ function adsGetAccountInfo($userAccount, $toPolicy = _POLICY)
+ function adsGetUserInfo($userAccount, $toPolicy = _POLICY)
+ function adsChangeAccountInfo($userAccount, $toPolicy = _POLICY)
+ function adsGetGroupInfo($groupCn, $toPolicy = _POLICY)
+
+*/
+
+######################################################
+# getADSInfo - általános ADS lekérdezés
+######################################################
+
+
+ function getADSInfo($userDn, $attrList=array('cn'), $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás az ADS szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Keresés
+ $filter = '(objectclass=*)';
+ $sr = @ldap_search($ds, $userDn, $filter, $attrList);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = @ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ return $info;
+
+ }
+
+###########################################################
+# adsGetAccountInfo - felhasználói információk (backend)
+###########################################################
+
+ function adsGetAccountInfo($userAccount, $toPolicy = _POLICY) {
+
+ global $backendAttrs, $backendAttrDef;
+
+ if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Account', $toPolicy);
+
+ $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
+
+ $result = getADSInfo($userDn, $backendAttrs, $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // ADS schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ foreach ($backendAttrDef as $attr => $def) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
+ elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
+ else $return[$i][$attr] = array('count' => 0);
+ }
+ }
+ return $return[0];
+
+ }
+
+ }
+
+#############################################################
+# adsGetUserInfo - felhasználói információk (keretrendszer)
+#############################################################
+
+ function adsGetUserInfo($userAccount, $toPolicy = _POLICY) {
+
+ global $accountAttrToADS, $adsAttrDef;
+ $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
+
+ $result = getADSInfo($userDn, array_values($accountAttrToADS), $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ $result[0]['dn'] = array('count' => 1, 0 => $result[0]['dn']);
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt + ADS --> MaYoR schema
+ foreach ($accountAttrToADS as $attr => $adsAttr) {
+ $adsAttr = kisbetus($adsAttr);
+ if (isset($result[0][$adsAttr])) $return[$attr] = $result[0][$adsAttr];
+ else $return[$attr] = array('count' => 0);
+ }
+ return $return;
+
+ }
+
+ }
+
+###############################################################
+# adsChangeAccountInfo - felhasználói információk módosítása
+###############################################################
+
+ function adsChangeAccountInfo($userAccount, $toPolicy = _POLICY) {
+
+ global $AUTH, $backendAttrs, $backendAttrDef;
+ $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
+
+ // Kapcsolódás az ADS szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $emptyAttrs = explode(':',$_POST['emptyAttrs']);
+ $_alert = array();
+
+ // Attribútumonként módosítunk
+ foreach ($backendAttrs as $attr) {
+
+ if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_ADS_RIGHTS;
+ else $rights = $backendAttrDef[$attr]['rights'];
+
+ if ($rights[_ACCESS_AS] == 'w') {
+ $mod_info = $add_info = $del_info = Array();
+ $values = array();
+
+ if ($backendAttrDef[$attr]['type'] == 'image') {
+ $file = $_FILES[$attr]['tmp_name'];
+ if (file_exists($file)) {
+ $fd = fopen($file,'r');
+ $values[0]=fread($fd,filesize($file));
+ fclose($fd);
+ } else {
+ // Sose töröljük!
+ $emptyAttrs[] = $attr;
+ }
+ } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
+ if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
+ $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
+ }
+ } else {
+ if ($backendAttrDef[$attr]['type'] != '' ) $values[0] = $_POST[$attr];
+ }
+
+ if ($backendAttrDef[$attr]['type'] == 'select') {
+ if ($_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
+ if ($_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
+ } elseif (in_array($attr,$emptyAttrs)) {
+ if ($values[0] != '') $add_info[$attr] = $values;
+ } else {
+ if ($values[0] != '') {
+ $mod_info[$attr] = $values;
+ } else {
+ $del_info[$attr] = Array();
+ }
+ }
+
+ if (count($add_info)!=0) {
+ if (!@ldap_mod_add($ds,$userDn,$add_info)) {
+ $_alert[] = 'message:insufficient_access:add:'.$attr;
+ }
+ }
+ if (count($mod_info)!=0) {
+ if (!@$r = ldap_mod_replace($ds,$userDn,$mod_info)) {
+ $_alert[] = 'message:insufficient_access:mod:'.$attr;
+ }
+ }
+ if (count($del_info)!=0) {
+ if (!@ldap_mod_del($ds,$userDn,$del_info)) {
+ $_alert[] = 'message:insufficient_access:del:'.$attr;
+ }
+ }
+
+ } else {
+// $_alert[] = 'message:insufficient_access:'.$attr;
+ }
+ } // foreach
+
+ ldap_close($ds);
+ if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
+ else for ($i = 0;$i < count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
+
+ }
+
+###########################################################
+# adsGetGroupInfo - csoport információk (backend)
+###########################################################
+
+ function adsGetGroupInfo($groupCn, $toPolicy = _POLICY, $SET = array()) {
+
+ global $backendAttrs, $backendAttrDef;
+
+
+ if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy);
+
+ $groupDn = ADSgroupCnToDn($groupCn, $toPolicy);
+
+ $result = getADSInfo($groupDn, $backendAttrs, $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // Accountok lekérdezése
+ $info = getADSaccounts($toPolicy);
+ for ($i = 0; $i < $info['count']; $i++) {
+ $accountUid[] = array(
+ 'value' => $info[$i]['uid'][0],
+ 'txt' => $info[$i]['displayname'][0]
+ );
+ $accountDn[] = array(
+ 'value' => $info[$i]['dn'],
+ 'txt' => $info[$i]['displayname'][0]
+ );
+ $DN2CN[$info[$i]['dn']] = $info[$i]['displayname'][0];
+ }
+
+ // ADS schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ foreach ($backendAttrDef as $attr => $def) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
+ elseif($attr == 'member') {
+ $_TMP = array();
+ for ($j=0; $j<$result[$i][$attr]['count']; $j++) {
+ $_dn = $result[$i][$attr][$j];
+ $_TMP[] = array(
+ 'type'=>'member',
+ 'value'=>$_dn,
+ 'txt'=>($DN2CN[$_dn]==''?str_replace(',',' ',$_dn):$DN2CN[$_dn])
+ );
+ }
+ $return[$i][$attr] = $_TMP;
+ }
+
+ elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
+ else $return[$i][$attr] = array('count' => 0);
+ }
+
+ if ($SET['withNewAccounts']===true) {
+ $return[$i]['member']['new'] = $accountDn;
+ $return[$i]['memberuid']['new'] = $accountUid;
+ }
+ }
+
+ return $return[0];
+
+ }
+
+ }
+
+###############################################################
+# adsChangeGroupInfo - csoport információk módosítása
+###############################################################
+
+ function adsChangeGroupInfo($groupCn, $toPolicy = _POLICY) {
+
+// !!!! A memberuid / member szinkronjára nem figyel!!
+
+ global $AUTH, $backendAttrs, $backendAttrDef;
+ $groupDn = ADSgroupCnToDn($groupCn, $toPolicy);
+
+ // Kapcsolódás az ADS szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
+
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $emptyAttrs = explode(':',$_POST['emptyAttrs']);
+ $_alert = array();
+
+ // Attribútumonként módosítunk
+ foreach ($backendAttrs as $attr) {
+
+ if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_ADS_RIGHTS;
+ else $rights = $backendAttrDef[$attr]['rights'];
+
+ if ($rights[_ACCESS_AS] == 'w') {
+
+ $mod_info = $add_info = $del_info = Array();
+ $values = array();
+
+ if ($backendAttrDef[$attr]['type'] == 'image') {
+ $file = $_FILES[$attr]['tmp_name'];
+ if (file_exists($file)) {
+ $fd = fopen($file,'r');
+ $values[0]=fread($fd,filesize($file));
+ fclose($fd);
+ } else {
+ // Sose töröljük!
+ $emptyAttrs[] = $attr;
+ }
+ } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
+ if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
+ $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
+ }
+ } else {
+ if ($backendAttrDef[$attr]['type'] != '')
+ if (isset($_POST[$attr])) $values[0] = $_POST[$attr];
+ else $values[0] = '';
+ }
+
+ if ($backendAttrDef[$attr]['type'] == 'select') {
+ if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
+ if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
+ } elseif (in_array($attr,$emptyAttrs)) {
+ if ($values[0] != '') $add_info[$attr] = $values;
+ } else {
+ if ($values[0] != '') {
+ $mod_info[$attr] = $values;
+ } else {
+ $del_info[$attr] = Array();
+ }
+
+ }
+
+ if (count($add_info)!=0) {
+ if (!@ldap_mod_add($ds,$groupDn,$add_info)) {
+ $_alert[] = 'message:insufficient_access:add:'.$attr;
+ }
+ }
+ if (count($mod_info)!=0) {
+ if (!@ldap_mod_replace($ds,$groupDn,$mod_info)) {
+ $_alert[] = 'message:insufficient_access:mod:'.$attr;
+ }
+ }
+ if (count($del_info)!=0) {
+ if (!@ldap_mod_del($ds,$groupDn,$del_info)) {
+ $_alert[] = 'message:insufficient_access:del:'.$attr;
+ }
+ }
+
+ } else {
+// $_alert[] = 'message:insufficient_access:'.$attr;
+ }
+ } // foreach
+
+ ldap_close($ds);
+ if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
+ else for ($i=0;$i<count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
+
+ }
+
+ function getADSaccounts($toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás az ADS szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Keresés
+ $attrList = array('cn','uid','displayName','samaccountname');
+ $filter = '(&(objectclass=person)(!(objectclass=computer)))';
+ $sr = @ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $attrList);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
+ ldap_close($ds);
+ return false;
+ }
+
+ ldap_sort($ds, $sr, 'displayname');
+ $info = @ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ return $info;
+
+ }
+
+
+?>
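Review bot: In adsChangeAccountInfo and adsChangeGroupInfo the default-rights branch assigns `$rigths` instead of `$rights`. An attribute whose `rights` definition is empty is therefore checked against whatever `$rights` held from the previous loop iteration, or against an undefined variable on the first one. The write check `$rights[_ACCESS_AS] == 'w'` then depends on attribute order rather than on `_DEFAULT_ADS_RIGHTS`, while the values written come directly from `$_POST` under the service-account bind. The line should read `if ($backendAttrDef[$attr]['rights'] == '') $rights = _DEFAULT_ADS_RIGHTS;` in both functions.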
diff --git a/mayor-orig/www/include/backend/ads/session/base.php b/mayor-orig/www/include/backend/ads/session/base.php
new file mode 100644
index 00000000..3a727c3b
--- /dev/null
+++ b/mayor-orig/www/include/backend/ads/session/base.php
@@ -0,0 +1,188 @@
+<?php
+/*
+ Module: base/session
+ Backend: ads (for Active Directory)
+
+ function ADSuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY)
+ function adsMemberOf($userAccount, $group, $toPolicy = _POLICY)
+
+*/
+
+ require('include/backend/ads/base/attrs.php');
+
+ ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0);
+
+ if ($AUTH[_POLICY]['backend'] == 'ads') {
+ /* why not put into session cache */
+ if ($AUTH[_POLICY]['cacheable']=='yes') {
+ $userDn = _queryCache('RDN',_POLICY,'value');
+ }
+ if (!isset($userDn)) $userDn = ADSuserAccountToDn();
+ define('_USERDN', $userDn); // --TODO DEPRECATED
+ define('BACKEND_CONNECT_DN', $AUTH[_POLICY]['adsUser']);
+ define('BACKEND_CONNECT_PASSWORD', $AUTH[_POLICY]['adsPw']);
+ if ($AUTH[_POLICY]['cacheable']=='yes') _registerToCache('RDN',$userDn,_POLICY);
+ unset($userDn);
+ }
+
+######################################################
+# A _USERACCOUNT(uid)-hoz tartozó dn lekérdezése
+######################################################
+
+ function ADSuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás a szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds,$AUTH[$toPolicy]['adsUser'],$AUTH[$toPolicy]['adsPw']);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ return false;
+ }
+
+ // Van-e adott azonosítójú felhasználó?
+ $filter="(&(sAMAccountName=$userAccount)(objectClass=".$AUTH[$toPolicy]['adsUserObjectClass']."))";
+ $justthese=array('cn','sn','givenName');
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure";
+ ldap_close($ds);
+ return false;
+ }
+ $info=ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ if ( $info['count'] === 0 ) {
+ // Nincs ilyen userAccount (uid)
+ $_SESSION['alert'][] = "message:no_account:$userAccount";
+ return false;
+ } elseif ( $info['count'] > 1 ) {
+ // Több ilyen uid is van
+ $_SESSION['alert'][] = "message:multi_uid:$userAccount";
+ return false;
+ }
+
+ if ($info['count']==1) { // Van - egy - ilyen felhasználó
+ return $info[0]['dn'];
+ }
+
+ }
+
+
+######################################################
+# A groupCn(cn)-hez tartozó dn lekérdezése
+######################################################
+
+ function ADSgroupCnToDn($groupCn, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás a szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds,$AUTH[$toPolicy]['adsUser'],$AUTH[$toPolicy]['adsPw']);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ return false;
+ }
+
+ // Van-e ilyen csoport?
+ $filter="(&(cn=$groupCn)(objectClass=".$AUTH[$toPolicy]['adsGroupObjectClass']."))";
+ $justthese=array('cn');
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure";
+ ldap_close($ds);
+ return false;
+ }
+ $info=ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ if ( $info['count'] === 0 ) {
+ // Nincs ilyen groupCn (cn) - hibaüzenet csak akkor, ha nem kategóriáról van szó...
+ if (!in_array($groupCn, array_map('ekezettelen', $AUTH[$toPolicy]['categories']))) $_SESSION['alert'][] = "message:no_group:$groupCn";
+ return false;
+ } elseif ( $info['count'] > 1 ) {
+ // Több ilyen cn is van
+ $_SESSION['alert'][] = "message:multi_gid:$groupCn";
+ return false;
+ }
+
+ if ($info['count']==1) { // Van - egy - ilyen csoport
+ return $info[0]['dn'];
+ }
+
+ }
+
+######################################################
+# memberOf - csoport tag-e
+######################################################
+
+ function adsMemberOf($userAccount, $group, $toPolicy = _POLICY) {
+
+ global $AUTH;
+ //global $ADS2Mayor;
+
+ $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
+ if (in_array($group, $AUTH[$toPolicy]['categories'])) {
+ if (strpos($userDn, ',ou='.ekezettelen($group).',') !== false) return true;
+# Ha nincs megfelelő ou-ban, akkor nézzük a csoport tagságot - így berakható időszakosan akárki pl a titkárság kategóriába...
+# else return false;
+ }
+
+ if (substr($group,0,3) != 'cn=') {
+ $groupDn = ADSgroupCnToDn(ekezettelen($group));
+ if (!$groupDn) return false; // Ha nincs ilyen csoport az ADS fában
+ } else {
+ $groupDn = $group;
+ }
+
+ // Kapcsolódás az ADS szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds,$AUTH[$toPolicy]['adsUser'],$AUTH[$toPolicy]['adsPw']);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $justthese = array('cn'); // valamit le kell kérdezni...
+ $filter = "(&(objectClass=".$AUTH[$toPolicy]['adsGroupObjectClass'].")(member=$userDn))";
+ $sr = @ldap_search($ds, $groupDn, $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = ldap_get_entries($ds, $sr);
+ ldap_close($ds);
+
+ if ($info['count'] > 0) {
+ return true;
+ } else {
+ return false;
+ }
+
+ }
+
+?>
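Review bot: ADSuserAccountToDn, ADSgroupCnToDn and adsMemberOf build their LDAP search filters by interpolating `$userAccount`, `$groupCn` and `$userDn` without escaping. A value containing `*`, `(`, `)` or `\` changes the meaning of the filter, and these lookups run under the `adsUser` service bind. Where these parameters originate is not visible in this hunk, so treat them as untrusted and escape at the point of use, e.g. `$filter = "(&(sAMAccountName=".ldap_escape($userAccount, '', LDAP_ESCAPE_FILTER).")(objectClass=".$AUTH[$toPolicy]['adsUserObjectClass']."))";`. The same unescaped interpolation appears in adsCreateAccount (`sAMAccountName=$userAccount`), adsCreateGroup (`cn=$groupCn`) and ADSSearch (`$attr=*$pattern*`) in the later files of this commit. In ADSSearch the attribute name is interpolated as well and would be better checked against the known attribute map.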
diff --git a/mayor-orig/www/include/backend/ads/session/createAccount.php b/mayor-orig/www/include/backend/ads/session/createAccount.php
new file mode 100644
index 00000000..02809f07
--- /dev/null
+++ b/mayor-orig/www/include/backend/ads/session/createAccount.php
@@ -0,0 +1,157 @@
+<?php
+/*
+ Modules: base/session
+*/
+
+ require_once('include/backend/ads/password/changePassword.php');
+
+ /*
+ $SET = array(
+ container => a konténer elem - ha nincs, akkor CN=Users alá rakja
+ category => tanár, diák... egy kiemelt fontosságú csoport tagság
+ groups => egyéb csoportok
+ policyAttrs => policy függő attribútumok
+ )
+ */
+ function adsCreateAccount(
+ $userCn, $userAccount, $userPassword, $toPolicy, $SET
+ ) {
+
+ global $AUTH;
+
+ $shadowLastChange = floor(time() / (60*60*24));
+
+ // $toPolicy --> ads backend - ellenőrzés!
+ if ($AUTH[$toPolicy]['backend'] != 'ads') {
+ $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = $ginfo = Array();
+
+ // uid ütközés ellenőrzése
+ $filter = "(sAMAccountName=$userAccount)";
+ $justthese = array('sAMAccountName');
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
+ $uinfo = ldap_get_entries($ds, $sr);
+ $uidCount = $uinfo['count'];
+ ldap_free_result($sr);
+ if ($uidCount > 0) {
+ $_SESSION['alert'][] = 'message:multi_uid:'.$userAccount;
+ return false;
+ }
+
+ // Az következő uidNumber megállapítása
+ $filter = "(&(objectclass=".$AUTH[$toPolicy]['adsUserObjectClass'].")(uidNumber=*))";
+ $justthese = array('uidNumber', 'msSFU30UidNumber');
+ $sr = ldap_search($ds,$AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
+ ldap_sort($ds, $sr, 'uidNumber');
+ $uinfo = ldap_get_entries($ds, $sr);
+ ldap_free_result($sr);
+ if (isset($uinfo['count']) && $uinfo['count'] > 0) $info['uidNumber'] = array($uinfo[ $uinfo['count']-1 ]['uidnumber'][0]+1);
+ else $info['uidNumber'] = array(1001);
+
+ // shadow attributumok...
+ // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '')
+ $info['shadowLastChange'] = array($shadowLastChange);
+ if (isset($AUTH[$toPolicy]['shadowMin']) && $AUTH[$toPolicy]['shadowMin'] != '') $info['shadowMin'] = array($AUTH[$toPolicy]['shadowMin']);
+ if (isset($AUTH[$toPolicy]['shadowMax']) && $AUTH[$toPolicy]['shadowMax'] != '') $info['shadowMax'] = array($AUTH[$toPolicy]['shadowMax']);
+ if (isset($AUTH[$toPolicy]['shadowWarning']) && $AUTH[$toPolicy]['shadowWarning'] != '') $info['shadowWarning'] = array($AUTH[$toPolicy]['shadowWarning']);
+ if (isset($AUTH[$toPolicy]['shadowInactive']) && $AUTH[$toPolicy]['shadowInactive'] != '') $info['shadowInactive'] = array($AUTH[$toPolicy]['shadowInactive']);
+ if (isset($AUTH[$toPolicy]['shadowExpire']) && $AUTH[$toPolicy]['shadowWxpire'] != '') $info['shadowExpire'] = array($AUTH[$toPolicy]['shadowExpire']);
+
+ // A szokásos attribútumok
+ $Name = explode(' ',$userCn);
+ $Dn = ldap_explode_dn($AUTH[$toPolicy]['adsBaseDn'], 1); unset($Dn['count']);
+ $info['userPrincipalName'] = array( $userAccount.'@'.implode('.', $Dn));
+ $info['msSFU30Name'] = $info['sAMAccountName'] = $info['cn'] = array($userAccount);
+ $info['displayName'] = array($userCn);
+ $info['sn'] = array($Name[0]);
+ $info['givenName'] = array($Name[ count($Name)-1 ]);
+ $info['unixUserPassword'] = array('ABCD!efgh12345$67890');
+ $info['unixHomeDirectory'] = array(ekezettelen("/home/$userAccount"));
+ $info['loginShell'] = array('/bin/bash');
+ $info['objectClass'] = array($AUTH[$toPolicy]['adsUserObjectClass'], 'user');
+
+ $policyAccountAttrs = $SET['policyAttrs'];
+ if (isset($policyAccountAttrs['studyId'])) $info[ $AUTH[$toPolicy]['adsStudyIdAttr'] ] = array($policyAccountAttrs['studyId']);
+ foreach ($policyAccountAttrs as $attr => $value)
+ if ($attr != 'studyId' && isset($accountAttrToADS[$attr]))
+ $info[ $accountAttrToADS[$attr] ] = array($value);
+
+ if (isset($SET['container'])) $dn = "CN=$userAccount,".$SET['container'];
+ else $dn = "CN=$userAccount,CN=Users,".$AUTH[$toPolicy]['adsBaseDn'];
+
+ // user felvétel
+ $_r1 = @ldap_add($ds,$dn,$info);
+ if (!$_r1) {
+ $_SESSION['alert'][] = 'message:ldap_error:Add user:'.ldap_error($ds);
+ //echo $dn.'<pre>'; var_dump($info); echo '</pre>';
+ return false;
+ }
+
+ // Jelszó beállítás
+ if (!changePassword($userAccount, $userPassword, $toPolicy)) $_SESSION['alert'][] = 'message:ldap_error:changePassword failed:'.$userAccount;
+
+ // Engedélyezés
+ $einfo = array('userAccountControl' => array(512)); /* Normal account = 512 */
+ $_r1 = @ldap_mod_replace($ds,$dn,$einfo);
+ if (!$_r1) {
+ $_SESSION['alert'][] = 'message:ldap_error:Enable user:'.ldap_error($ds);
+ //echo $dn.'<pre>'; var_dump($info); echo '</pre>';
+ return false;
+ }
+
+ // Kategória csoportba és egyéb csoportokba rakás
+ if (isset($SET['category'])) {
+ if (is_array($SET['groups'])) array_unshift($SET['groups'], $SET['category']);
+ else $SET['groups'] = array($SET['category']);
+
+ $ginfo['member'] = $dn;
+
+ for ($i = 0; $i < count($SET['groups']); $i++) {
+ $groupDn = ADSgroupCnToDn($SET['groups'][$i], $toPolicy);
+ if ($groupDn !== false) {
+ $_r3 = @ldap_mod_add($ds, $groupDn, $ginfo);
+ if (!$_r3) {
+ $_SESSION['alert'][] = 'message:ldap_error:Add to group '.$SET['groups'][$i].':'.ldap_error($ds);
+ //echo $SET['groups'][$i].'<pre>'; var_dump($ginfo); echo '</pre>';
+ }
+ }
+ }
+ }
+
+ ldap_close($ds);
+
+ if (defined('_DATADIR')
+ && isset($AUTH[$toPolicy]['createAccountScript'])
+ && file_exists(_DATADIR)
+ ) {
+ $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['createAccountScript'],'a+');
+ if ($sfp) {
+ fwrite($sfp,"\n# $userAccount létrehozása: userAccount uidNumber homeDirectory\n");
+ fwrite($sfp,"createAccount.sh '$userAccount' '".$info['uidNumber'][0]."' '".$info['unixHomeDirectory'][0]."'\n");
+ fclose($sfp);
+ }
+ }
+ $_SESSION['alert'][] = 'info:create_uid_success:'.$dn;
+ return true;
+
+ }
+
+?>
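Review bot: At the end of adsCreateAccount the line written to `createAccountScript` places `$userAccount`, the uidNumber and the home directory inside single quotes without shell escaping, and the preceding `#` comment line interpolates `$userAccount` too. If that file is later run by a shell (inferred from the `createAccount.sh` invocation it records), a quote or newline in the account name becomes part of the command stream. Build the line with escapeshellarg(), e.g. `fwrite($sfp, 'createAccount.sh '.escapeshellarg($userAccount).' '.escapeshellarg($info['uidNumber'][0]).' '.escapeshellarg($info['unixHomeDirectory'][0])."\n");`, and reject account names with control characters before writing the comment line. adsDeleteAccount in searchAccount.php writes its `deleteAccount.sh` line the same way and needs the same change.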
diff --git a/mayor-orig/www/include/backend/ads/session/createGroup.php b/mayor-orig/www/include/backend/ads/session/createGroup.php
new file mode 100644
index 00000000..0a0a8c1d
--- /dev/null
+++ b/mayor-orig/www/include/backend/ads/session/createGroup.php
@@ -0,0 +1,82 @@
+<?php
+/*
+ Modules: base/session
+*/
+
+
+ function adsCreateGroup($groupCn, $groupDesc, $toPolicy = _POLICY, $SET = array()) {
+
+ global $AUTH;
+ $category = ekezettelen($SET['category']);
+
+ // $toPolicy --> ads backend - ellenőrzés!
+ if ($AUTH[$toPolicy]['backend'] != 'ads') {
+ $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = $ginfo = Array();
+
+ // cn ütközés ellenőrzése
+ $filter = "(&(objectclass=".$AUTH[$toPolicy]['adsGroupObjectClass'].")(cn=$groupCn))";
+ $justthese = array('cn');
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
+ $ginfo = ldap_get_entries($ds, $sr);
+ $gCount = $ginfo['count'];
+ ldap_free_result($sr);
+ if ($gCount > 0) {
+ $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn;
+ return false;
+ }
+
+ // Az következő gidNumber megállapítása
+ $filter = "(&(objectclass=".$AUTH[$toPolicy]['adsGroupObjectClass'].")(gidNumber=*))";
+ $justthese = array('gidNumber', 'msSFU30GidNumber');
+ $sr = ldap_search($ds,$AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
+ ldap_sort($ds, $sr, 'gidNumber');
+ $ginfo = ldap_get_entries($ds, $sr);
+ ldap_free_result($sr);
+ if (isset($ginfo['count']) && $ginfo['count'] > 0) $info['gidNumber'] = array($ginfo[ $ginfo['count']-1 ]['gidnumber'][0]+1);
+ else $info['gidNumber'] = array(1001);
+
+ // A szokásos attribútumok
+ $info['sAMAccountName'] = $info['cn'] = array($groupCn);
+ $info['description'] = array($groupDesc);
+
+ // A kategória függő attribútumok
+ if (isset($SET['container'])) $dn = "CN=$groupCn,".$SET['container'];
+ else $dn = "CN=$groupCn,OU=$category,".$AUTH[$toPolicy]['adsBaseDn'];
+
+ // objectum osztályok
+ $info['objectClass'] = array($AUTH[$toPolicy]['adsGroupObjectClass']);
+
+ // csoport felvétel
+ $_r1 = ldap_add($ds,$dn,$info);
+ if (!$_r1) {
+ printf("ADS-Error: %s<br>\n", ldap_error($ds));
+ var_dump($info);
+ }
+
+ ldap_close($ds);
+
+ $_SESSION['alert'][] = 'info:create_group_success:'.$dn;
+ return true;
+
+ }
+
+?>
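Review bot: When `ldap_add` fails in adsCreateGroup, the code prints the raw LDAP error and a `var_dump($info)` of the entry straight into the page, then still records `info:create_group_success` and returns true. Callers cannot tell that the group was not created, and directory internals are shown to whoever triggered the request. The failure branch should follow adsCreateAccount's pattern: `$_SESSION['alert'][] = 'message:ldap_error:Add group:'.ldap_error($ds); ldap_close($ds); return false;`. The early return on a cn collision also leaves `$ds` open.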
diff --git a/mayor-orig/www/include/backend/ads/session/search/searchAccount.php b/mayor-orig/www/include/backend/ads/session/search/searchAccount.php
new file mode 100644
index 00000000..01298382
--- /dev/null
+++ b/mayor-orig/www/include/backend/ads/session/search/searchAccount.php
@@ -0,0 +1,277 @@
+<?php
+/*
+ Module: base/session
+ Backend: ads
+
+ ! -- Csak publikus mezőkre lehet keresni! -- !
+ function ADSSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)')
+ function adsSearchAccount($attr, $pattern, $searchAttrs = array('userCn'))
+ function adsSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = '') {
+
+*/
+
+######################################################
+# Általános ADS kereső függvény
+######################################################
+
+ function ADSSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)', $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ if ($pattern == '') {
+ $_SESSION['alert'][] = 'message:empty_field';
+ return false;
+ }
+
+ // Kapcsolódás az ADS szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
+
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure:ADSSearch';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Keresés
+ if (
+ strpos(kisbetus($attr),'number') !== false
+ && $attr != 'serialNumber'
+ ) $filter = "(&$filter($attr=$pattern))";
+ else $filter = "(&$filter($attr=*$pattern*))";
+
+ $filter = "(&$filter($attr=*$pattern*))";
+ $sr = @ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $searchAttrs);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = @ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ return $info;
+
+ }
+
+######################################################
+# adsSearchAccount - felhasználó kereső függvény
+######################################################
+
+ function adsSearchAccount($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) {
+
+ global $accountAttrToADS;
+
+ // A keresendő attribútum konvertálása ADS attribútummá
+ if ($accountAttrToADS[ $attr ] != '') $attrADS = $accountAttrToADS[ $attr ];
+ else $attrADS = $attr;
+ if ($attrADS == 'dn') $attrADS = 'uid'; // dn-re nem megy a keresés!!
+
+ // A lekérendő attribútumok konvertálása ADS attribútummá
+ for ($i = 0; $i < count($searchAttrs); $i++) {
+ if ($accountAttrToADS[ $searchAttrs[$i] ] != '') $searchAttrsADS[$i] = $accountAttrToADS[ $searchAttrs[$i] ];
+ else $searchAttrsADS[$i] = $searchAttrs[$i];
+ }
+ $result = ADSSearch($attrADS, $pattern, $searchAttrsADS, '(&(objectclass=person)(!(objectclass=computer)))', $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // ADS schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ $result[$i]['dn'] = $return[$i]['userAccount'] = array('count' => 1, 0 => $result[$i]['dn']);
+ for ($j = 0; $j < count($searchAttrs); $j++) {
+ $a = $searchAttrs[$j];
+ if (isset($result[$i][ kisbetus($accountAttrToADS[$a]) ])) {
+ if ($accountAttrToADS[$a] != '') $return[$i][$a] = $result[$i][ kisbetus($accountAttrToADS[$a]) ];
+ else $return[$i][$a] = $result[$i][$a];
+ } else {
+ $return[$i][$a] = array('count' => 0) ;
+ }
+ }
+ $return[$i]['category'] = getAccountCategories($return[$i]['userAccount'][0], $toPolicy);
+ $return[$i]['category']['count'] = count($return[$i]['category']);
+ }
+ $return['count'] = $result['count'];
+
+ return $return;
+
+ }
+
+ }
+
+######################################################
+# adsSearchGroup - csoport kereső függvény
+######################################################
+
+ function adsSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = _POLICY) {
+
+ global $groupAttrToADS;
+
+ // A keresendő attribútum konvertálása ADS attribútummá
+ if ($groupAttrToADS[ $attr ] != '') $attrADS = $groupAttrToADS[ $attr ];
+ else $attrADS = $attr;
+ if ($attrADS == 'dn') $attrADS = 'cn'; // dn-re nem megy a keresés!!
+
+ // A lekérendő adtibútumok konvertálása ADS attribútummá
+ for ($i = 0; $i < count($searchAttrs); $i++) {
+ if ($groupAttrToADS[ $searchAttrs[$i] ] != '') $searchAttrsADS[$i] = $groupAttrToADS[ $searchAttrs[$i] ];
+ else $searchAttrsADS[$i] = $searchAttrs[$i];
+ }
+
+ $result = ADSSearch($attrADS, $pattern, $searchAttrsADS, '(objectclass=group)', $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // ADS schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ $result[$i]['dn'] = $return[$i]['groupCn'] = array('count' => 1, 0 => $result[$i]['dn']);
+ for ($j = 0; $j < count($searchAttrs); $j++) {
+ $a = $searchAttrs[$j];
+ if (!isset($groupAttrToADS[$a]) || $groupAttrToADS[$a] != '') {
+ if (isset($result[$i][ $groupAttrToADS[$a] ])) $return[$i][$a] = $result[$i][ $groupAttrToADS[$a] ];
+ else $return[$i][$a] = '';
+ } else {
+ $return[$i][$a] = $result[$i][$a];
+ }
+ }
+ }
+ $return['count'] = $result['count'];
+
+ return $return;
+
+ }
+
+ }
+
+######################################################
+# adsDeleteAccount - account törlése
+######################################################
+
+ function adsDeleteAccount($userAccount, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // $toPolicy --> ads backend - ellenőrzés
+ if ($AUTH[$toPolicy]['backend'] != 'ads') {
+ $_SESSION['alert'][] = 'page:wrong_backend:ads!='.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
+ if ($userDn === false) return false;
+
+ // Kapcsolódás az ADS szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Az uidNumber, a unixHomeDirectory lekerdezése
+ $filter = "(&(objectclass=".$AUTH[$toPolicy]['adsUserObjectClass'].")(!(objectclass=computer)))";
+ $justthese = array('uidNumber','unixHomedirectory');
+ $sr = @ldap_search($ds,$userDn,$filter,$justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
+ ldap_close($ds);
+ return false;
+ } ;
+
+ $info = @ldap_get_entries($ds,$sr);
+ $uidNumber = $info[0]['uidnumber'][0];
+ $homeDirectory = $info[0]['unixhomedirectory'][0];
+ $uid=$userAccount;
+
+ // user törlése
+ if (!@ldap_delete($ds,$userDn)) {
+ $_SESSION['alert'][] = 'message:ldap_delete_failure:user:'.$userAccount;
+ }
+
+ ldap_close($ds);
+
+ /*
+ Ha van megadva deleteAccountScript paraméter, akkor abba bejegyzi a törölt felhasználó adatait.
+ A meghívott deleteAccount.sh nincs definiálva, testreszabható, megkötés egyedül a paraméter
+ lista: userAccount, uidNumber, homeDirectory
+ */
+ if (defined('_DATADIR')
+ && isset($AUTH[$toPolicy]['deleteAccountScript'])
+ && file_exists(_DATADIR)
+ ) {
+ $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['deleteAccountScript'],'a+');
+ if ($sfp) {
+ fwrite($sfp,"\n# $userAccount törlése: userAccount uidNumber homeDirectory\n");
+ fwrite($sfp,"deleteAccount.sh '$userAccount' '$uidNumber' '$homeDirectory'\n");
+ fclose($sfp);
+ }
+ }
+
+ $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn;
+ return true;
+
+ }
+
+######################################################
+# adsDeleteGroup - account törlése
+######################################################
+
+ function adsDeleteGroup($groupCn, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // $toPolicy --> ads backend - ellenőrzés
+ if ($AUTH[$toPolicy]['backend'] != 'ads') {
+ $_SESSION['alert'][] = 'page:wrong_backend:ads!='.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ $groupDn = ADSgroupCnToDn($groupCn, $toPolicy);
+ if ($groupDn === false) return false;
+
+ // Kapcsolódás az ADS szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ if (!@ldap_delete($ds, $groupDn)) {
+ $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupCn;
+ }
+
+ ldap_close($ds);
+
+ $_SESSION['alert'][] = 'info:delete_group_success:'.$groupCn;
+ return true;
+
+ }
+
+
+?>
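Review bot: adsDeleteAccount and adsDeleteGroup report success even when `ldap_delete` fails. The failure branch only appends an alert, after which the function still adds `info:delete_uid_success` / `info:delete_group_success` and returns true. In adsDeleteAccount the `deleteAccount.sh` line is also appended for an account that is still in the directory, so the follow-up script (presumably run later by an administrator) would act on a live account. Closing the connection and returning false in the failure branch fixes both, e.g. `if (!@ldap_delete($ds,$userDn)) { $_SESSION['alert'][] = 'message:ldap_delete_failure:user:'.$userAccount; ldap_close($ds); return false; }`.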
diff --git a/mayor-orig/www/include/backend/file/auth/login.php b/mayor-orig/www/include/backend/file/auth/login.php
new file mode 100644
index 00000000..bc77f9f7
--- /dev/null
+++ b/mayor-orig/www/include/backend/file/auth/login.php
@@ -0,0 +1,121 @@
+<?php
+/*
+ Auth-File
+
+ A név-jelszó pár ellenőrzése file-ból történik
+*/
+
+/* --------------------------------------------------------------
+
+ Felhasználók azonosítása egyszerű szöveges file-ból
+
+ A file szerkezete:
+ Soronként egy account adatai, egymástól kettősponttal elválasztott mezők:
+ azonosító:név:jelszó:oktAzon:shadowLastChange:shadowMin:shadowMax:shadowWarning:shadowInactive:shadowExpire
+
+ A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE
+ konstansok valamelyikével tér vissza.
+
+ Sikeres hitelesítés esetén
+ az egyéb account információkat (minimálisan a 'cn', azaz 'teljes név'
+ attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el.
+
+ Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az
+ elutasítás okát.
+
+-------------------------------------------------------------- */
+ function fileUserAuthentication($userAccount, $userPassword, &$accountInformation) {
+
+ global $AUTH;
+
+ $toPolicy = $accountInformation['policy'];
+ $fp = @fopen($AUTH[$toPolicy]['file account file'],'r');
+ if (!$fp) {
+ // nem lehet megnyitni a file-t
+ $_SESSION['alert'][] = 'message:file_open_failure:'.$AUTH[$toPolicy]['file account file'];
+ return _AUTH_FAILURE;
+ }
+
+ $valid = false;
+ while (!$valid and $sor = chop(fgets($fp, 1024))) {
+
+ list(
+ $_userAccount,
+ $_userCn,
+ $_userPassword,
+ $_studyId,
+ $shadowLastChange,
+ $shadowMin,
+ $shadowMax,
+ $shadowWarning,
+ $shadowInactive,
+ $shadowExpire
+ ) = explode(':',$sor);
+ $valid = ($_userAccount == $userAccount and $_userPassword == $userPassword); // itt lehetne a kódolt jelszót eltárolni és azzal hasonlítani
+
+ }
+
+ fclose($fp);
+
+ if ($valid) {
+
+ $accountInformation['cn'] = $_userCn;
+ $accountInformation['studyId'] = $_studyId;
+
+ if ( // onDisabled: none | refuse
+ $AUTH[$toPolicy]['onDisabled'] == 'refuse' &&
+ (
+ (
+ $shadowExpire != '' &&
+ $shadowExpire <= floor(time()/(60*60*24))
+ ) ||
+ (
+ $shadowLastChange != '' &&
+ $shadowMax != '' &&
+ $shadowInactive != '' &&
+ ( $shadowLastChange
+ + $shadowMax
+ + $shadowInactive ) <= floor(time()/(60*60*24))
+ )
+ )
+ ) {
+ // Le van tiltva
+ $_SESSION['alert'][] = 'message:account_disabled';
+ return _AUTH_FAILURE_4;
+ } // onDisabled
+
+ // Lejárt-e az azonosító
+ if (
+ $AUTH[$toPolicy]['onExpired'] != 'none' && // onExpired: none | warning | force update
+ $shadowLastChange != '' &&
+ $shadowMax != ''
+ ) {
+ // Lejárt-e
+ $pwLejar = ($shadowLastChange + $shadowMax) - floor(time()/(60*60*24));
+ if (0 < $pwLejar && $shadowWarning != '' && $pwLejar < $shadowWarning) {
+ $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar;
+ return _AUTH_SUCCESS;
+ } elseif ($pwLejar <= 0) {
+ $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar);
+ if ($AUTH[$toPolicy]['onDisabled'] == 'refuse')
+ $_SESSION['alert'][] = 'info:warn_account_disable:'.($shadowInactive+$pwLejar);
+ if ($AUTH[$toPolicy]['onExpired'] == 'warning') {
+ return _AUTH_SUCCESS;
+ } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') {
+ return _AUTH_EXPIRED;
+ }
+ }
+ } // onExpired
+
+ return _AUTH_SUCCESS;
+
+ } else {
+
+ $_SESSION['alert'][] = 'message:bad_pw';
+ return _AUTH_FAILURE_3;
+
+ }
+
+ }
+
+?>
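Review bot: The credential check in fileUserAuthentication, `$_userAccount == $userAccount and $_userPassword == $userPassword`, compares a plaintext password read from the account file using the loose `==` operator, so numeric-looking strings can compare equal under PHP type juggling and the comparison is not constant-time. The inline comment on that line already suggests storing an encoded password; I would keep a `password_hash()` value in the third field and replace the test with `$valid = ($_userAccount === $userAccount && password_verify($userPassword, $_userPassword));`. Separately, the `file_open_failure` alert appends the account file's path, which is worth dropping if alerts are shown to unauthenticated users (the rendering code is not visible here).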
diff --git a/mayor-orig/www/include/backend/file/session/base.php b/mayor-orig/www/include/backend/file/session/base.php
new file mode 100644
index 00000000..4902e9c8
--- /dev/null
+++ b/mayor-orig/www/include/backend/file/session/base.php
@@ -0,0 +1,6 @@
+<?php
+
+ function fileMemberOf() {
+ return false;
+ }
+?>
diff --git a/mayor-orig/www/include/backend/ldap-ng/auth/login.php b/mayor-orig/www/include/backend/ldap-ng/auth/login.php
new file mode 100644
index 00000000..3eb9854e
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap-ng/auth/login.php
@@ -0,0 +1,163 @@
+<?php
+/*
+ Auth-LDAP-NG
+
+ A név-jelszó pár ellenőrzése LDAP adatbázis alapján
+*/
+
+/* --------------------------------------------------------------
+
+ Felhasználók azonosítása az LDAP-ban tárolt konfigurálható
+ osztályok alapján történik.
+
+ A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE
+ konstansok valamelyikével tér vissza. (include/modules/auth/base/config.php)
+
+ Sikeres hitelesítés esetén
+ az egyéb account információkat (minimálisan a 'cn', azaz 'common name'
+ attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el.
+
+ Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az
+ elutasítás okát (ldap_connect_failure, ldap_bind_failure, ldap_search_failure, no_account, multi_uid,
+ account_disabled, bad_pw, account_warning, account_expired, warn_account_disable.
+
+-------------------------------------------------------------- */
+
+######################################################################
+# Az LDAP protocol version 3 kötelező,
+# referals=0 nélkül használhatatlanul lassú
+######################################################################
+
+ ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0);
+
+
+ function ldap_ngUserAuthentication($userAccount, $userPassword, &$accountInformation, $toPolicy) {
+
+ global $AUTH;
+
+ if ($toPolicy == '') {
+ if ($accountInformation['policy'] != '') $toPolicy = $accountInformation['policy'];
+// elseif ($_REQUEST['toPolicy'] != '') $toPolicy = $_REQUEST['toPolicy'];
+ else $toPolicy = _POLICY;
+ }
+
+ // Kapcsolódás a szerverhez
+ $ds = ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return _AUTH_FAILURE;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ return _AUTH_FAILURE;
+ }
+
+ // Van-e adott azonosítójú felhasználó?
+ $filter="(&(".$AUTH[$toPolicy]['ldapUserAccountAttr']."=$userAccount)(objectClass=".$AUTH[$toPolicy]['ldapUserObjectClass']."))";
+ $justthese = array("sn",$AUTH[$toPolicy]['ldapCnAttr'],$AUTH[$toPolicy]['ldapStudyIdAttr'],"shadowexpire","shadowwarning","shadowinactive","shadowlastchange","shadowmax");
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure";
+ ldap_close($ds);
+ return _AUTH_FAILURE;
+ }
+ $info = ldap_get_entries($ds,$sr);
+
+ if ( $info['count'] === 0 || is_null($info)) { // http://bugs.php.net/50185 ha nincs megfelelő elem, akkor - hibásan - null-al tér vissza! (~ PHP 5.2.10)
+ // Nincs ilyen userAccount (uid)
+ $_SESSION['alert'][] = "message:no_account:$userAccount";
+ ldap_close($ds);
+ return _AUTH_FAILURE_1;
+ }
+
+ if ( $info['count'] > 1 ) {
+ // Több ilyen uid is van
+ $_SESSION['alert'][] = "message:multi_uid";
+ ldap_close($ds);
+ return _AUTH_FAILURE_2;
+ }
+
+ if ($info['count']==1) { // Van - egy - ilyen felhasználó
+
+
+ $accountInformation['cn'] = $info[0][ $AUTH[$toPolicy]['ldapCnAttr'] ][0];
+ $accountInformation['studyId'] = $info[0][ $AUTH[$toPolicy]['ldapStudyIdAttr'] ][0];
+
+ $accountInformation['dn'] = $info[0]['dn'];
+ $accountInformation['account'] = $userAccount;
+ // Lejárt-e
+ // A lejárat ideje a shadowExpire és shadowLastChange+shadowMax kötül a kisebbik
+ if ($info[0]['pwdlastset'][0] != '') { // A pwdLastSet és shadowLastChange közül a kisebbiket használjuk
+// if ($info[0]['shadowlastchange'][0] != '')
+// $info[0]['shadowlastchange'][0] = min(pwdLastSet2shadowLastChange($info[0]['pwdlastset'][0]), $info[0]['shadowlastchange'][0]);
+// else
+ $info[0]['shadowlastchange'][0] = pwdLastSet2shadowLastChange($info[0]['pwdlastset'][0]);
+ }
+ if ($info[0]['accountexpires'][0] != '') { // Az accountExpires és a shadowExpire közül a kisebbiket használjuk
+// if ($info[0]['shadowexpire'][0] != '')
+// $info[0]['shadowexpire'][0] = min(pwdLastSet2shadowLastChange($info[0]['accountexpires'][0]), $info[0]['shadowexpire'][0]);
+// else
+ $info[0]['shadowexpire'][0] = pwdLastSet2shadowLastChange($info[0]['accountexpires'][0]);
+ }
+ if ($info[0]['shadowexpire'][0] != '') $expireTimestamp = $info[0]['shadowexpire'][0];
+ if (
+ $info[0]['shadowmax'][0] != '' &&
+ (
+ !isset($expireTimestamp) ||
+ $expireTimestamp > $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0]
+ )
+ ) $expireTimestamp = $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0];
+ // lejárt, ha lejárat ideje már elmúlt
+ $accountExpired = (isset($expireTimestamp) && ($expireTimestamp <= floor(time()/(60*60*24))));
+
+ // Le van-e tiltva
+ // Ha több mint shadowInactive napja lejárt
+ if ( // onDisabled: none | refuse
+ $AUTH[$toPolicy]['onDisabled'] == 'refuse' &&
+ isset($expireTimestamp) &&
+ $expireTimestamp + $info[0]['shadowinactive'][0] <= floor(time()/(60*60*24))
+ ) {
+ // Le van tiltva
+ $_SESSION['alert'][] = 'message:account_disabled';
+ ldap_close($ds);
+ return _AUTH_FAILURE_4;
+ } // onDisabled
+
+ // Jelszó ellenőrzés - lehet-e csatlakozni
+ if (!@ldap_bind($ds, $accountInformation['dn'], $userPassword)) {
+ $_SESSION['alert'][] = 'message:bad_pw';
+ return _AUTH_FAILURE_3;
+ }
+
+ ldap_close($ds);
+ // Lejárt-e az azonosító
+ if ($AUTH[$toPolicy]['onExpired'] != 'none' && isset($expireTimestamp)) { // onExpired: none | warning | force update
+ // Lejárt-e
+ $pwLejar = $expireTimestamp - floor(time()/(60*60*24));
+ if (0 < $pwLejar && $pwLejar < $info[0]['shadowwarning'][0]) {
+ $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar;
+ return _AUTH_SUCCESS;
+ } elseif ($pwLejar <= 0) {
+ $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar);
+ if ($AUTH[$toPolicy]['onDisabled'] == 'refuse') $_SESSION['alert'][] = 'info:warn_account_disable:'.($info[0]['shadowinactive'][0]+$pwLejar);
+ if ($AUTH[$toPolicy]['onExpired'] == 'warning') {
+ return _AUTH_SUCCESS;
+ } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') {
+ return _AUTH_EXPIRED;
+ } else {
+ return _AUTH_FAILURE;
+ }
+ }
+ } // onExpired
+ // Ha idáig eljut, akkor minden rendben.
+ return _AUTH_SUCCESS;
+
+ } // count == 1
+
+ }
+
+?>
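Review bot: `$userAccount` is interpolated into the search filter unescaped in ldap_ngUserAuthentication, so filter metacharacters in the login name can change which entry is matched before the password bind; build the filter with `ldap_escape($userAccount, '', LDAP_ESCAPE_FILTER)` (PHP 5.6+). The later `ldap_bind($ds, $accountInformation['dn'], $userPassword)` is also reached with an empty password, which many directory servers treat as an unauthenticated bind that succeeds, so add `if ($userPassword === '') { ldap_close($ds); return _AUTH_FAILURE_3; }` before it. The service-bind failure and `bad_pw` paths return without `ldap_close($ds)`. The same unescaped filter is built in LDAPuserAccountToDn in ldap-ng/session/base.php.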
diff --git a/mayor-orig/www/include/backend/ldap-ng/base/attrs.php b/mayor-orig/www/include/backend/ldap-ng/base/attrs.php
new file mode 100644
index 00000000..2a2f327a
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap-ng/base/attrs.php
@@ -0,0 +1,146 @@
+<?php
+/*
+ Module: useradmin
+*/
+
+ if (file_exists('lang/'._LANG.'/backend/ldap-ng/attrs.php')) {
+ require('lang/'._LANG.'/backend/ldap-ng/attrs.php');
+ } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/ldap-ng/attrs.php')) {
+ require('lang/'._DEFAULT_LANG.'/backend/ldap-ng/attrs.php');
+ }
+
+######################################################
+# Alapértelmezett jogosultságok
+#
+# w - Írható/olvasható
+# r - olvasható
+# - - egyik sem
+#
+# Három karakter: admin, self, other jogai
+######################################################
+
+ define('_DEFAULT_LDAP_RIGHTS','wr-');
+
+######################################################
+# Az LDAP account attribútumok
+######################################################
+
+ global $ldapAccountAttrs;
+ $ldapAccountAttrs = array(
+ 'cn',
+ 'serialnumber',
+ 'uid',
+ 'uidnumber',
+ 'gidnumber',
+ 'unixhomedirectory',
+ 'loginshell',
+
+ 'shadowlastchange',
+ 'shadowexpire',
+ 'shadowwarning',
+ 'shadowmin',
+ 'shadowmax',
+ 'shadowinactive',
+
+/*
+ 'gecos',
+ 'mail',
+ 'telephonenumber',
+ 'mobile',
+ 'l',
+ 'street',
+ 'postaladdress',
+ 'postalcode',
+ 'homedirectory',
+*/
+ );
+
+ global $ldapGroupAttrs;
+ $ldapGroupAttrs = array(
+ 'cn',
+ 'description',
+ 'member',
+ 'name',
+ 'samaccountname',
+ 'objectcategory',
+ 'gidnumber', // ennek kellene lennie - mitől lesz?
+/* 'memberuid' */
+ );
+
+ global $accountAttrToLDAP; // Kis és nagybetű számít!!!
+ $accountAttrToLDAP = array(
+ 'userAccount' => 'sAMAccountName',
+ 'userCn' => 'displayName',
+ 'mail' => 'mail',
+ 'studyId' => 'serialNumber', // Ez konfig-ban külön van állítva, az itteni érték irreleváns
+ 'shadowLastChange' => 'shadowLastChange',
+ 'shadowWarning' => 'shadowWarning',
+ 'shadowMin' => 'shadowMin',
+ 'shadowMax' => 'shadowMax',
+ 'shadowExpire' => 'shadowExpire',
+ 'shadowInactive' => 'shadowInactive',
+ );
+
+ global $groupAttrToLDAP;
+ $groupAttrToLDAP = array(
+ 'groupCn' => 'cn',
+ 'groupDesc' => 'description',
+ 'member' => 'member',
+ );
+
+ global $ldapAccountAttrDef;
+ $ldapAccountAttrDef = array(
+ 'dn' => array('desc' => _LDAPDN, 'type' => 'text', 'rights' => 'rrr'),
+ 'cn' => array('desc' => _LDAPCN, 'type' => 'text', 'rights' => 'rrr'),
+ 'sn' => array('desc' => _LDAPSN, 'type' => 'text', 'rights' => 'wrr'),
+ 'givenname' => array('desc' => _LDAPGIVENNAME, 'type' => 'text'),
+ 'serialnumber' => array('desc' => _LDAPSERIALNUMBER, 'type' => 'int', 'rights' => 'wrr'),
+ 'displayname' => array('desc' => _LDAPCN, 'type' => 'text', 'rights' => 'wrr'),
+ 'name' => array('desc' => _LDAPNAME, 'type' => 'text', 'rights' => 'r--'),
+ 'padpwdcount' => array('desc' => _LDAPBADPWDCOUNT, 'type' => 'int', 'rights' => 'wrr'),
+ 'badpasswordtime' => array('desc' => _LDAPBADPASSWORDTIME, 'type' => 'int', 'rights' => 'r--'),
+ 'lastlogon' => array('desc' => _LDAPLASTLOGON, 'type' => 'int', 'rights' => 'r--'),
+ 'pwdlastset' => array('desc' => _LDAPPWDLASTSET, 'type' => 'int', 'rights' => 'r--'),
+ 'accountexpires' => array('desc' => _LDAPACCOUNTEXPIRES, 'type' => 'int', 'rights' => 'wrr'),
+ 'samaccountname' => array('desc' => _LDAPSAMACCOUNTNAME, 'type' => 'text', 'rights' => 'wrr'),
+ 'useraccountcontrol' => array('desc' => _USERACCOUNTCONTROL, 'type' => 'text', 'rights' => 'wrr'),
+ 'userprincipalname' => array('desc' => _LDAPUSERPRINCIPALNAME, 'type' => 'text', 'rights' => 'wrr'),
+ 'objectcategory' => array('desc' => _LDAPOBJECTCATEGORY, 'type' => 'text', 'rights' => 'r--'),
+ 'uid' => array('desc' => _LDAPUID, 'type' => 'text', 'rights' => 'rrr'),
+ 'uidnumber' => array('desc' => _LDAPUIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
+ 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
+ 'mssfu30name' => array('desc' => _LDAPUID, 'type' => 'text', 'rights' => 'r--'),
+ 'unixhomedirectory' => array('desc' => _LDAPUNIXHOMEDIRECTORY, 'type' => 'text', 'rights' => 'wrr'),
+ 'loginshell' => array('desc' => _LDAPLOGINSHELL, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowlastchange' => array('desc' => _LDAPSHADOWLASTCHANGE, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowexpire' => array('desc' => _LDAPSHADOWEXPIRE, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowwarning' => array('desc' => _LDAPSHADOWWARNING, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowmin' => array('desc' => _LDAPSHADOWMIN, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowmax' => array('desc' => _LDAPSHADOWMAX, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowinactive' => array('desc' => _LDAPSHADOWINACTICE, 'type' => 'text', 'rights' => 'wrr'),
+/*
+ 'gecos' => array('desc' => _LDAPGECOS, 'type' => 'text', 'rights' => 'w--'),
+ 'mail' => array('desc' => _LDAPMAIL, 'type' => 'text', 'rights' => 'wwr'),
+ 'telephonenumber' => array('desc' => _LDAPTELEPHONENUMBER, 'type' => 'text', 'rights' => 'ww-'),
+ 'mobile' => array('desc' => _LDAPMOBILE, 'type' => 'text', 'rights' => 'ww-'),
+ 'l' => array('desc' => _LDAPL, 'type' => 'text'),
+ 'street' => array('desc' => _LDAPSTREET, 'type' => 'text'),
+ 'postaladdress' => array('desc' => _LDAPPOSTALADDRESS, 'type' => 'text'),
+ 'postalcode' => array('desc' => _LDAPPOSTALCODE, 'type' => 'text'),
+*/
+ );
+
+ global $ldapGroupAttrDef;
+ $ldapGroupAttrDef = array(
+ 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'rrr'),
+ 'name' => array('desc' => _LDAPNAME, 'type' => 'text','rights' => 'rrr'),
+ 'samaccountname' => array('desc' => _LDAPSAMACCOUNTNAME, 'type' => 'text','rights' => 'wrr'),
+ 'description' => array('desc' => _LDAPDESCRIPTION, 'type' => 'text'),
+ 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'),
+ 'member' => array('desc' => _LDAPMEMBER, 'type' => 'select'),
+ 'objectcategory' => array('desc' => _LDAPOBJECTCATEGORY, 'type' => 'text','rights' => 'rrr'),
+
+ 'memberuid' => array('desc' => _LDAPMEMBERUID, 'type' => 'select'),
+ );
+
+?>
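Review bot: The key `'padpwdcount'` in `$ldapAccountAttrDef` looks like a typo for `'badpwdcount'` (its description constant is `_LDAPBADPWDCOUNT`), so this definition would presumably never match the lowercased attribute name returned by the directory. It is also marked `'wrr'` while the neighbouring `badpasswordtime` is `'r--'`; unless admin writes to this counter are intended, I would write `'badpwdcount' => array('desc' => _LDAPBADPWDCOUNT, 'type' => 'int', 'rights' => 'r--'),`. Entries without a `'rights'` key (`givenname`, `description`, `member`, `memberuid`) depend on the consumer applying `_DEFAULT_LDAP_RIGHTS`, so a comment such as `// no 'rights' key => _DEFAULT_LDAP_RIGHTS applies` above the arrays would make that dependency explicit.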
diff --git a/mayor-orig/www/include/backend/ldap-ng/password/changePassword.php b/mayor-orig/www/include/backend/ldap-ng/password/changePassword.php
new file mode 100644
index 00000000..aa4cd91d
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap-ng/password/changePassword.php
@@ -0,0 +1,161 @@
+<?php
+/*
+
+ Module: base/password
+
+ function changeMyPassword($userAccount, $userPassword, $newPassword, $verification)
+ A függvény nem vizsgálja, hogy jogosultak vagyunk-e a jelszó megváltoztatására.
+ Ennek eldöntése a függvényt hívó program feladata
+*/
+
+############################################################################
+# Jelszó kódolása (az Active Directory ezt használja....)
+############################################################################
+
+function LDAPEncodePassword($password) {
+
+ return mb_convert_encoding("\"".$password."\"", "UTF-16LE", "UTF-8");
+
+}
+
+############################################################################
+# Saját jelszó megváltoztatása
+############################################################################
+
+/* *************************************************************************
+ A leírások szerint a felhasználó maga is megváltoztathatja jelszavát.
+ Ennek módja az unicodePw attribútum törlése (a régi jelszó értéke szerint),
+ és felvétele új értékkel - mindenz elvileg egy lépésben.
+
+ A PHP ldap_mod* függvények ezt az egy lépésben kétféle módosítást nem
+ támogatják. De a helyzet az, hogy a módosítás perl-ből és parancssorból
+ sem működik...
+************************************************************************* */
+
+function changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy = '') {
+
+ global $AUTH;
+
+ if ($toPolicy == '') $toPolicy = $_REQUEST['toPolicy'];
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+
+ // Csatlakozzás az AD kiszolgálóhoz (SSL szükséges!)
+ $ds = ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ // nem sikerült csatlakozni
+ $_SESSION['alert'][] = 'message:ldap_failure';
+ return false;
+ }
+
+ // Az eredeti jelszó ellenőrzése - csatlakozással
+ $b_ok = ldap_bind($ds,$userDn,$userPassword);
+ if (!$b_ok) {
+ // Talán a régi jelszót elgépelte, vagy le van tiltva...
+ $_SESSION['alert'][] = 'message:ldap_bind_failure:'.$userDn.':changeMyPassword - hibás a régi jelszó?';
+ ldap_close($ds);
+ return false;
+ }
+
+ // A régi és új jelszavak átkódolása
+ $newUnicodePwd = base64_encode(LDAPEncodePassword($newPassword));
+ $oldUnicodePwd = base64_encode(LDAPEncodePassword($userPassword));
+ // A php ldap_mod* függvényei nem tudnak egy lépésben többféle módosítást elküldeni
+ // ezért a parancssoros ldapmodify-t kell meghívnunk...
+ $ldif=<<<EOT
+dn: $userDn
+changetype: modify
+delete: unicodePwd
+unicodePwd:: $oldUnicodePwd
+-
+add: unicodePwd
+unicodePwd:: $newUnicodePwd
+-
+EOT;
+ $cmd = sprintf("/usr/bin/ldapmodify -H %s -D '%s' -x -w %s", $AUTH[$toPolicy]['ldapHostname'], $userDn, $userPassword);
+
+ if (($fh = popen($cmd, 'w')) === false ) {
+ // Nem sikerült megnyitni a csatornát - mikor is lehet ilyen? Ha nincs ldapmodify?
+ $_SESSION['alert'][] = 'message:popen_failure';
+ return false;
+ }
+ fwrite($fh, "$ldif\n");
+ pclose($fh);
+
+ // Sikeres volt-e a jelszóváltoztatás? Próbáljunk újra csatlakozni az új jelszóval!
+ if (!@ldap_bind($ds, $userDn, $newPassword)) {
+ $_SESSION['alert'][] = 'message:bad_pw';
+ return false;
+ }
+
+ // Shadow attribútumok beállítása
+ // Ezekre nincs jogosultsága a felhasználónak, így csak AccountOperator-ként módosítható
+ // Ráadásul Windoes alatt változtatva a jelszót ezek nem változnak, így nem lehet számítani rájuk...
+ if (isset($AUTH[$toPolicy]['ldapAccountOperatorUser'])) {
+ $shadowLastChange = floor(time()/(60*60*24));
+ $info['shadowLastChange'][0] = $shadowLastChange;
+ if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
+ $info['shadowExpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
+ } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
+ $info['shadowExpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
+ }
+
+ $b_ok = ldap_bind($ds,$AUTH[$toPolicy]['ldapAccountOperatorUser'],$AUTH[$toPolicy]['ldapAccountOperatorPw']);
+ if (!$b_ok) { $_SESSION['alert'][] = 'message:ldap_bind_failure'; return false; }
+ $r = @ldap_mod_replace($ds, $userDn, $info);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_modify_failure:changeMyPassword';
+ return false;
+ }
+ }
+ ldap_close($ds);
+ $_SESSION['alert'][] = 'info:pw_change_success';
+ return true;
+
+}
+
+############################################################################
+# Adminisztrátori jelszó változtatás
+############################################################################
+
+function changePassword($userAccount, $newPassword, $toPolicy = '') {
+
+ global $AUTH;
+
+ if ($toPolicy == '') $toPolicy = _POLICY;
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+ $shadowLastChange = floor(time()/(60*60*24));
+
+ $ds = ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if ($ds) {
+ $b_ok = ldap_bind($ds,_USERDN,_USERPASSWORD);
+ if ($b_ok) {
+ $info['unicodePwd'][0] = LDAPEncodePassword($newPassword);
+ // Ezekre nincs jogosultsága a felhasználónak, nem változnak:
+ // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE
+ $info['shadowLastChange'][0] = $shadowLastChange;
+ if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
+ $info['shadowExpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
+ } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
+ $info['shadowExpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
+ }
+ $r = @ldap_mod_replace($ds,$userDn,$info);
+ ldap_close($ds);
+ if ($r) {
+ $_SESSION['alert'][] = 'info:pw_change_success';
+ return true;
+ } else {
+ $_SESSION['alert'][] = 'message:ldap_modify_failure:changePassword';
+ return false;
+ }
+ } else {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure:'._USERDN.':changePassword';
+ ldap_close($ds);
+ return false;
+ }
+ } else {
+ $_SESSION['alert'][] = 'message:ldap_failure';
+ return false;
+ }
+}
+
+?>
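Review bot: In changeMyPassword the `popen()` command is built with `sprintf("/usr/bin/ldapmodify -H %s -D '%s' -x -w %s", ...)`, so the user's current password and DN reach the shell unescaped: shell metacharacters in the password are interpreted by the shell, and the password is visible in the process list while ldapmodify runs. At minimum quote every argument, `$cmd = sprintf('/usr/bin/ldapmodify -H %s -D %s -x -w %s', escapeshellarg($AUTH[$toPolicy]['ldapHostname']), escapeshellarg($userDn), escapeshellarg($userPassword));`, and preferably hand the password over through a protected file with `-y` so it never appears on the command line. `$toPolicy` falls back to `$_REQUEST['toPolicy']` and is used as an `$AUTH` index without checking that the policy exists, and the exit status of `pclose()` is ignored. The comment says SSL is required, but nothing here verifies that `ldapHostname` is an `ldaps://` URI, so the unicodePwd change should fail closed when it is not.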
diff --git a/mayor-orig/www/include/backend/ldap-ng/session/accountInfo.php b/mayor-orig/www/include/backend/ldap-ng/session/accountInfo.php
new file mode 100644
index 00000000..d3733ba2
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap-ng/session/accountInfo.php
@@ -0,0 +1,401 @@
+<?php
+/*
+ Module: base/auth-ldap-ng
+ Backend: ldap-ng
+
+ function getLDAPInfo($userDn, $attrList=array('cn'), $toPolicy = '')
+ function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY)
+ function ldapGetUserInfo($userAccount, $toPolicy = _POLICY)
+ function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY)
+ function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY)
+
+*/
+
+######################################################
+# getLDAPInfo - általános LDAP lekérdezés
+######################################################
+
+
+ function getLDAPInfo($Dn, $attrList=array('cn'), $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Keresés
+ $filter = '(objectclass=*)';
+ $sr = @ldap_search($ds, $Dn, $filter, $attrList);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$Dn;
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = @ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ return $info;
+
+ }
+
+###########################################################
+# ldapGetAccountInfo - felhasználói információk (backend)
+###########################################################
+
+ function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY) {
+
+ global $backendAttrs, $backendAttrDef;
+
+ if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Account', $toPolicy);
+
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+
+ $result = getLDAPInfo($userDn, $backendAttrs, $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // LDAP schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ foreach ($backendAttrDef as $attr => $def) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
+ elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
+ else $return[$i][$attr] = array('count' => 0);
+ }
+ }
+ return $return[0];
+
+ }
+
+ }
+
+#############################################################
+# ldapGetUserInfo - felhasználói információk (keretrendszer)
+#############################################################
+
+ function ldapGetUserInfo($userAccount, $toPolicy = _POLICY) {
+
+ global $accountAttrToLDAP, $ldapAttrDef;
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+
+ $result = getLDAPInfo($userDn, array_values($accountAttrToLDAP), $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ $result[0]['dn'] = array('count' => 1, 0 => $result[0]['dn']);
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt + LDAP --> MaYoR schema
+ foreach ($accountAttrToLDAP as $attr => $ldapAttr) {
+ $ldapAttr = kisbetus($ldapAttr);
+ if (isset($result[0][$ldapAttr])) $return[$attr] = $result[0][$ldapAttr];
+ else $return[$attr] = array('count' => 0);
+ }
+ return $return;
+
+ }
+
+ }
+
+###############################################################
+# ldapChangeAccountInfo - felhasználói információk módosítása
+###############################################################
+
+ function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY) {
+
+ global $AUTH, $backendAttrs, $backendAttrDef;
+
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $emptyAttrs = explode(':',$_POST['emptyAttrs']);
+ $_alert = array();
+
+ // Attribútumonként módosítunk
+ foreach ($backendAttrs as $attr) {
+
+ if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS;
+ else $rights = $backendAttrDef[$attr]['rights'];
+
+ if ($rights[_ACCESS_AS] == 'w') {
+ $mod_info = $add_info = $del_info = Array();
+ $values = array();
+
+ if ($backendAttrDef[$attr]['type'] == 'image') {
+ $file = $_FILES[$attr]['tmp_name'];
+ if (file_exists($file)) {
+ $fd = fopen($file,'r');
+ $values[0]=fread($fd,filesize($file));
+ fclose($fd);
+ } else {
+ // Sose töröljük!
+ $emptyAttrs[] = $attr;
+ }
+ } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
+ if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
+ $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
+ }
+ } else {
+ if ($backendAttrDef[$attr]['type'] != '' ) $values[0] = $_POST[$attr];
+ }
+
+ if ($backendAttrDef[$attr]['type'] == 'select') {
+ if ($_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
+ if ($_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
+ } elseif (in_array($attr,$emptyAttrs)) {
+ if ($values[0] != '') $add_info[$attr] = $values;
+ } else {
+ if ($values[0] != '') {
+ $mod_info[$attr] = $values;
+ } else {
+ $del_info[$attr] = Array();
+ }
+ }
+
+ if (count($add_info)!=0) {
+ if (!@ldap_mod_add($ds,$userDn,$add_info)) {
+ $_alert[] = 'message:insufficient_access:add:'.$attr;
+ }
+ }
+ if (count($mod_info)!=0) {
+ if (!@$r = ldap_mod_replace($ds,$userDn,$mod_info)) {
+ $_alert[] = 'message:insufficient_access:mod:'.$attr;
+ }
+ }
+ if (count($del_info)!=0) {
+ if (!@ldap_mod_del($ds,$userDn,$del_info)) {
+ $_alert[] = 'message:insufficient_access:del:'.$attr;
+ }
+ }
+
+ } else {
+// $_alert[] = 'message:insufficient_access:'.$attr;
+ }
+ } // foreach
+
+ ldap_close($ds);
+ if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
+ else for ($i = 0;$i < count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
+
+ }
+
+###########################################################
+# ldapGetGroupInfo - csoport információk (backend)
+###########################################################
+
+ function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY) {
+
+ global $backendAttrs, $backendAttrDef;
+
+
+ if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy);
+
+ $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
+
+ $result = getLDAPInfo($groupDn, $backendAttrs, $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // Accountok lekérdezése
+ $info = getLDAPaccounts($toPolicy);
+ for ($i = 0; $i < $info['count']; $i++) {
+ $accountUid[] = array(
+ 'value' => $info[$i]['uid'][0],
+ 'txt' => $info[$i]['displayname'][0]
+ );
+ $accountDn[] = array(
+ 'value' => $info[$i]['dn'],
+ 'txt' => $info[$i]['displayname'][0]
+ );
+ }
+
+ // LDAP schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ foreach ($backendAttrDef as $attr => $def) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
+ elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
+ else $return[$i][$attr] = array('count' => 0);
+ }
+ $return[$i]['member']['new'] = $accountDn;
+ $return[$i]['memberuid']['new'] = $accountUid;
+ }
+
+ return $return[0];
+
+ }
+
+ }
+
+###############################################################
+# ldapChangeGroupInfo - csoport információk módosítása
+###############################################################
+
+ function ldapChangeGroupInfo($groupCn, $toPolicy = _POLICY) {
+
+// !!!! A memberuid / member szinkronjára nem figyel!!
+
+ global $AUTH, $backendAttrs, $backendAttrDef;
+
+ $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $emptyAttrs = explode(':',$_POST['emptyAttrs']);
+ $_alert = array();
+
+ // Attribútumonként módosítunk
+ foreach ($backendAttrs as $attr) {
+
+ if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS;
+ else $rights = $backendAttrDef[$attr]['rights'];
+
+ if ($rights[_ACCESS_AS] == 'w') {
+
+ $mod_info = $add_info = $del_info = Array();
+ $values = array();
+
+ if ($backendAttrDef[$attr]['type'] == 'image') {
+ $file = $_FILES[$attr]['tmp_name'];
+ if (file_exists($file)) {
+ $fd = fopen($file,'r');
+ $values[0]=fread($fd,filesize($file));
+ fclose($fd);
+ } else {
+ // Sose töröljük!
+ $emptyAttrs[] = $attr;
+ }
+ } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
+ if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
+ $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
+ }
+ } else {
+ if ($backendAttrDef[$attr]['type'] != '')
+ if (isset($_POST[$attr])) $values[0] = $_POST[$attr];
+ else $values[0] = '';
+ }
+
+ if ($backendAttrDef[$attr]['type'] == 'select') {
+ if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
+ if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
+ } elseif (in_array($attr,$emptyAttrs)) {
+ if ($values[0] != '') $add_info[$attr] = $values;
+ } else {
+ if ($values[0] != '') {
+ $mod_info[$attr] = $values;
+ } else {
+ $del_info[$attr] = Array();
+ }
+
+ }
+
+ if (count($add_info)!=0) {
+ if (!@ldap_mod_add($ds,$groupDn,$add_info)) {
+ $_alert[] = 'message:insufficient_access:add:'.$attr;
+ }
+ }
+ if (count($mod_info)!=0) {
+ if (!@ldap_mod_replace($ds,$groupDn,$mod_info)) {
+ $_alert[] = 'message:insufficient_access:mod:'.$attr;
+ }
+ }
+ if (count($del_info)!=0) {
+ if (!@ldap_mod_del($ds,$groupDn,$del_info)) {
+ $_alert[] = 'message:insufficient_access:del:'.$attr;
+ }
+ }
+
+ } else {
+// $_alert[] = 'message:insufficient_access:'.$attr;
+ }
+ } // foreach
+
+ ldap_close($ds);
+ if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
+ else for ($i=0;$i<count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
+
+ }
+
+ function getLDAPaccounts($toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Keresés
+ $attrList = array('cn','uid','displayName','samaccountname');
+ $filter = '(&(objectclass=person)(!(objectclass=computer)))';
+ $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $attrList);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
+ ldap_close($ds);
+ return false;
+ }
+
+ ldap_sort($ds, $sr, 'displayname');
+ $info = @ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ return $info;
+
+ }
+
+
+?>
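Review bot: In both ldapChangeAccountInfo and ldapChangeGroupInfo the default-rights branch assigns `$rigths` instead of `$rights`, so for an attribute with no `'rights'` entry the write check `$rights[_ACCESS_AS] == 'w'` uses whatever the previous loop iteration left in `$rights` (or an undefined variable on the first pass). That makes the permission for such attributes depend on array order rather than on `_DEFAULT_LDAP_RIGHTS`; fix both places with `$rights = empty($backendAttrDef[$attr]['rights']) ? _DEFAULT_LDAP_RIGHTS : $backendAttrDef[$attr]['rights'];`. Also, getLDAPaccounts builds its `ldap_search_failure` alert from `$userDn`, which is not defined in that function; `$AUTH[$toPolicy]['ldapBaseDn']` is presumably what was meant.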
diff --git a/mayor-orig/www/include/backend/ldap-ng/session/base.php b/mayor-orig/www/include/backend/ldap-ng/session/base.php
new file mode 100644
index 00000000..196e431c
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap-ng/session/base.php
@@ -0,0 +1,184 @@
+<?php
+/*
+ Module: base/session
+ Backend: ldap-ng
+
+ function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY)
+ function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY)
+
+*/
+
+ require('include/backend/ldap-ng/base/attrs.php');
+
+ ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0);
+
+ if ($AUTH[_POLICY]['backend'] == 'ldap-ng') {
+ /* why not put into session cache */
+ if ($AUTH[_POLICY]['cacheable']=='yes') {
+ $userDn = _queryCache('RDN',_POLICY,'value');
+ }
+ if (!isset($userDn)) $userDn = LDAPuserAccountToDn();
+ define('_USERDN', $userDn);
+ if ($AUTH[_POLICY]['cacheable']=='yes') _registerToCache('RDN',$userDn,_POLICY);
+ unset($userDn);
+ }
+
+######################################################
+# A _USERACCOUNT(uid)-hoz tartozó dn lekérdezése
+######################################################
+
+ function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás a szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ return false;
+ }
+
+ // Van-e adott azonosítójú felhasználó?
+ $filter="(&(".$AUTH[$toPolicy]['ldapUserAccountAttr']."=$userAccount)(objectClass=".$AUTH[$toPolicy]['ldapUserObjectClass']."))";
+ $justthese=array($AUTH[$toPolicy]['ldapCnAttr']);
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure";
+ ldap_close($ds);
+ return false;
+ }
+ $info=ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ if ( $info['count'] === 0 ) {
+ // Nincs ilyen userAccount (uid)
+ $_SESSION['alert'][] = "message:no_account:$userAccount";
+ return false;
+ } elseif ( $info['count'] > 1 ) {
+ // Több ilyen uid is van
+ $_SESSION['alert'][] = "message:multi_uid:$userAccount";
+ return false;
+ }
+
+ if ($info['count']==1) { // Van - egy - ilyen felhasználó
+ return $info[0]['dn'];
+ }
+
+ }
+
+
+######################################################
+# A groupCn(cn)-hez tartozó dn lekérdezése
+######################################################
+
+ function LDAPgroupCnToDn($groupCn, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás a szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ return false;
+ }
+
+ // Van-e ilyen csoport?
+ $filter="(&(".$AUTH[$toPolicy]['ldapGroupCnAttr']."=$groupCn)(objectClass=".$AUTH[$toPolicy]['ldapGroupObjectClass']."))";
+ $justthese=array($AUTH[$toPolicy]['ldapGroupCnAttr']);
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure";
+ ldap_close($ds);
+ return false;
+ }
+ $info=ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ if ( $info['count'] === 0 ) {
+ // Nincs ilyen groupCn (cn) - hibaüzenet csak akkor, ha nem kategóriáról van szó...
+ if (!in_array($groupCn, array_map('ekezettelen', $AUTH[$toPolicy]['categories']))) $_SESSION['alert'][] = "message:no_group:$groupCn";
+ return false;
+ } elseif ( $info['count'] > 1 ) {
+ // Több ilyen cn is van
+ $_SESSION['alert'][] = "message:multi_gid:$groupCn";
+ return false;
+ }
+
+ if ($info['count']==1) { // Van - egy - ilyen csoport
+ return $info[0]['dn'];
+ }
+
+ }
+
+######################################################
+# memberOf - csoport tag-e
+######################################################
+
+ function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+ /* Kis hack: csoport-tagság helyett vizsgáljuk előbb a megfelelő szervezeti egységet... de ezt nem biztos, hogy érdemes... */
+ if (in_array($group, $AUTH[$toPolicy]['categories'])) {
+ if (strpos($userDn, ',ou='.ekezettelen($group).',') !== false) return true;
+ }
+
+ if (substr($group,0,3) != 'cn=') {
+ $groupDn = LDAPgroupCnToDn(ekezettelen($group));
+ if (!$groupDn) return false; // Ha nincs ilyen csoport az LDAP fában
+ } else {
+ $groupDn = $group;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $justthese = array('cn'); // valamit le kell kérdezni...
+ $filter = "(&(objectClass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(member=$userDn))";
+ $sr = @ldap_search($ds, $groupDn, $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = ldap_get_entries($ds, $sr);
+ ldap_close($ds);
+
+ if ($info['count'] > 0) {
+ return true;
+ } else {
+ return false;
+ }
+
+ }
+
+?>
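Review bot: `$userAccount` is interpolated into the search filter in LDAPuserAccountToDn (`(...=$userAccount)`) without filter escaping, so characters such as `*`, `(` or `)` in the account name change what the filter matches instead of being compared literally. Escape the value before building the filter, e.g. `$userAccount = ldap_escape($userAccount, '', LDAP_ESCAPE_FILTER);` where `ldap_escape` is available (PHP 5.6+), and do the same for `$groupCn` in LDAPgroupCnToDn and for `$userDn` in the `member=` filter of ldapMemberOf. The same pattern appears in the other new files of this commit: `(sAMAccountName=$userAccount)` in createAccount.php, `(cn=$groupCn)` in createGroup.php, `($attr=*$pattern*)` in searchAccount.php and `(uid=$userAccount)` in ldap/auth/login.php. Both lookup functions here also return on a failed bind without calling `ldap_close($ds)`.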
diff --git a/mayor-orig/www/include/backend/ldap-ng/session/createAccount.php b/mayor-orig/www/include/backend/ldap-ng/session/createAccount.php
new file mode 100644
index 00000000..db62a348
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap-ng/session/createAccount.php
@@ -0,0 +1,157 @@
+<?php
+/*
+ Modules: base/session
+*/
+
+ require_once('include/backend/ldap-ng/password/changePassword.php');
+
+ /*
+ $SET = array(
+ container => a konténer elem - ha nincs, akkor CN=Users alá rakja
+ category => tanár, diák... egy kiemelt fontosságú csoport tagság
+ groups => egyéb csoportok
+ policyAttrs => policy függő attribútumok
+ )
+ */
+ function ldapCreateAccount(
+ $userCn, $userAccount, $userPassword, $toPolicy, $SET
+ ) {
+
+ global $AUTH;
+
+ $shadowLastChange = floor(time() / (60*60*24));
+
+ // $toPolicy --> ldap backend - ellenőrzés!
+ if ($AUTH[$toPolicy]['backend'] != 'ldap-ng') {
+ $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = $ginfo = Array();
+
+ // uid ütközés ellenőrzése
+ $filter = "(sAMAccountName=$userAccount)";
+ $justthese = array('sAMAccountName');
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ $uinfo = ldap_get_entries($ds, $sr);
+ $uidCount = $uinfo['count'];
+ ldap_free_result($sr);
+ if ($uidCount > 0) {
+ $_SESSION['alert'][] = 'message:multi_uid:'.$userAccount;
+ return false;
+ }
+
+ // Az következő uidNumber megállapítása
+ $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapUserObjectClass'].")(uidNumber=*))";
+ $justthese = array('uidNumber', 'msSFU30UidNumber');
+ $sr = ldap_search($ds,$AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ ldap_sort($ds, $sr, 'uidNumber');
+ $uinfo = ldap_get_entries($ds, $sr);
+ ldap_free_result($sr);
+ if (isset($uinfo['count']) && $uinfo['count'] > 0) $info['uidNumber'] = array($uinfo[ $uinfo['count']-1 ]['uidnumber'][0]+1);
+ else $info['uidNumber'] = array(1001);
+
+ // shadow attributumok...
+ // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '')
+ $info['shadowLastChange'] = array($shadowLastChange);
+ if (isset($AUTH[$toPolicy]['shadowMin']) && $AUTH[$toPolicy]['shadowMin'] != '') $info['shadowMin'] = array($AUTH[$toPolicy]['shadowMin']);
+ if (isset($AUTH[$toPolicy]['shadowMax']) && $AUTH[$toPolicy]['shadowMax'] != '') $info['shadowMax'] = array($AUTH[$toPolicy]['shadowMax']);
+ if (isset($AUTH[$toPolicy]['shadowWarning']) && $AUTH[$toPolicy]['shadowWarning'] != '') $info['shadowWarning'] = array($AUTH[$toPolicy]['shadowWarning']);
+ if (isset($AUTH[$toPolicy]['shadowInactive']) && $AUTH[$toPolicy]['shadowInactive'] != '') $info['shadowInactive'] = array($AUTH[$toPolicy]['shadowInactive']);
+ if (isset($AUTH[$toPolicy]['shadowExpire']) && $AUTH[$toPolicy]['shadowWxpire'] != '') $info['shadowExpire'] = array($AUTH[$toPolicy]['shadowExpire']);
+
+ // A szokásos attribútumok
+ $Name = explode(' ',$userCn);
+ $Dn = ldap_explode_dn($AUTH[$toPolicy]['ldapBaseDn'], 1); unset($Dn['count']);
+ $info['userPrincipalName'] = array( $userAccount.'@'.implode('.', $Dn));
+ $info['msSFU30Name'] = $info['sAMAccountName'] = $info['cn'] = array($userAccount);
+ $info['displayName'] = array($userCn);
+ $info['sn'] = array($Name[0]);
+ $info['givenName'] = array($Name[ count($Name)-1 ]);
+ $info['unixUserPassword'] = array('ABCD!efgh12345$67890');
+ $info['unixHomeDirectory'] = array(ekezettelen("/home/$userAccount"));
+ $info['loginShell'] = array('/bin/bash');
+ $info['objectClass'] = array($AUTH[$toPolicy]['ldapUserObjectClass'], 'user');
+
+ $policyAccountAttrs = $SET['policyAttrs'];
+ if (isset($policyAccountAttrs['studyId'])) $info[ $AUTH[$toPolicy]['ldapStudyIdAttr'] ] = array($policyAccountAttrs['studyId']);
+ foreach ($policyAccountAttrs as $attr => $value)
+ if ($attr != 'studyId' && isset($accountAttrToLDAP[$attr]))
+ $info[ $accountAttrToLDAP[$attr] ] = array($value);
+
+ if (isset($SET['container'])) $dn = "CN=$userAccount,".$SET['container'];
+ else $dn = "CN=$userAccount,CN=Users,".$AUTH[$toPolicy]['ldapBaseDn'];
+
+ // user felvétel
+ $_r1 = @ldap_add($ds,$dn,$info);
+ if (!$_r1) {
+ $_SESSION['alert'][] = 'message:ldap_error:Add user:'.ldap_error($ds);
+ //echo $dn.'<pre>'; var_dump($info); echo '</pre>';
+ return false;
+ }
+
+ // Jelszó beállítás
+ if (!changePassword($userAccount, $userPassword, $toPolicy)) $_SESSION['alert'][] = 'message:ldap_error:changePassword failed:'.$userAccount;
+
+ // Engedélyezés
+ $einfo = array('userAccountControl' => array(512)); /* Normal account = 512 */
+ $_r1 = @ldap_mod_replace($ds,$dn,$einfo);
+ if (!$_r1) {
+ $_SESSION['alert'][] = 'message:ldap_error:Enable user:'.ldap_error($ds);
+ //echo $dn.'<pre>'; var_dump($info); echo '</pre>';
+ return false;
+ }
+
+ // Kategória csoportba és egyéb csoportokba rakás
+ if (isset($SET['category'])) {
+ if (is_array($SET['groups'])) array_unshift($SET['groups'], $SET['category']);
+ else $SET['groups'] = array($SET['category']);
+
+ $ginfo['member'] = $dn;
+
+ for ($i = 0; $i < count($SET['groups']); $i++) {
+ $groupDn = LDAPgroupCnToDn($SET['groups'][$i], $toPolicy);
+ if ($groupDn !== false) {
+ $_r3 = @ldap_mod_add($ds, $groupDn, $ginfo);
+ if (!$_r3) {
+ $_SESSION['alert'][] = 'message:ldap_error:Add to group '.$SET['groups'][$i].':'.ldap_error($ds);
+ //echo $SET['groups'][$i].'<pre>'; var_dump($ginfo); echo '</pre>';
+ }
+ }
+ }
+ }
+
+ ldap_close($ds);
+
+ if (defined('_DATADIR')
+ && isset($AUTH[$toPolicy]['createAccountScript'])
+ && file_exists(_DATADIR)
+ ) {
+ $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['createAccountScript'],'a+');
+ if ($sfp) {
+ fwrite($sfp,"\n# $userAccount létrehozása: userAccount uidNumber homeDirectory\n");
+ fwrite($sfp,"createAccount.sh '$userAccount' '".$info['uidNumber'][0]."' '".$info['unixHomeDirectory'][0]."'\n");
+ fclose($sfp);
+ }
+ }
+ $_SESSION['alert'][] = 'info:create_uid_success:'.$dn;
+ return true;
+
+ }
+
+?>
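Review bot: The `createAccount.sh` line written to the script file at the end of ldapCreateAccount puts `$userAccount` and the home directory between single quotes without escaping, so a quote or line break in either value changes the command line that is presumably executed from that file later (who runs it is not visible here). Build the arguments with `escapeshellarg()`, e.g. `fwrite($sfp, 'createAccount.sh '.escapeshellarg($userAccount).' '.escapeshellarg($info['uidNumber'][0]).' '.escapeshellarg($info['unixHomeDirectory'][0])."\n");`, and strip line breaks from the name before writing the `#` comment line. The `deleteAccount.sh` line in ldapDeleteAccount (searchAccount.php) has the same shape. Separately, the `shadowExpire` guard tests `$AUTH[$toPolicy]['shadowWxpire']`, which looks like a typo for `shadowExpire`, so that attribute is never copied into `$info`.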
diff --git a/mayor-orig/www/include/backend/ldap-ng/session/createGroup.php b/mayor-orig/www/include/backend/ldap-ng/session/createGroup.php
new file mode 100644
index 00000000..59c77c92
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap-ng/session/createGroup.php
@@ -0,0 +1,82 @@
+<?php
+/*
+ Modules: base/session
+*/
+
+
+ function ldapCreateGroup($groupCn, $groupDesc, $toPolicy = _POLICY, $SET = array()) {
+
+ global $AUTH;
+ $category = ekezettelen($SET['category']);
+
+ // $toPolicy --> ldap backend - ellenőrzés!
+ if ($AUTH[$toPolicy]['backend'] != 'ldap-ng') {
+ $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = $ginfo = Array();
+
+ // cn ütközés ellenőrzése
+ $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(cn=$groupCn))";
+ $justthese = array('cn');
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ $ginfo = ldap_get_entries($ds, $sr);
+ $gCount = $ginfo['count'];
+ ldap_free_result($sr);
+ if ($gCount > 0) {
+ $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn;
+ return false;
+ }
+
+ // Az következő gidNumber megállapítása
+ $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(gidNumber=*))";
+ $justthese = array('gidNumber', 'msSFU30GidNumber');
+ $sr = ldap_search($ds,$AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ ldap_sort($ds, $sr, 'gidNumber');
+ $ginfo = ldap_get_entries($ds, $sr);
+ ldap_free_result($sr);
+ if (isset($ginfo['count']) && $ginfo['count'] > 0) $info['gidNumber'] = array($ginfo[ $ginfo['count']-1 ]['gidnumber'][0]+1);
+ else $info['gidNumber'] = array(1001);
+
+ // A szokásos attribútumok
+ $info['sAMAccountName'] = $info['cn'] = array($groupCn);
+ $info['description'] = array($groupDesc);
+
+ // A kategória függő attribútumok
+ if (isset($SET['container'])) $dn = "CN=$groupCn,".$SET['container'];
+ else $dn = "CN=$groupCn,OU=$category,".$AUTH[$toPolicy]['ldapBaseDn'];
+
+ // objectum osztályok
+ $info['objectClass'] = array($AUTH[$toPolicy]['ldapGroupObjectClass']);
+
+ // csoport felvétel
+ $_r1 = ldap_add($ds,$dn,$info);
+ if (!$_r1) {
+ printf("LDAP-Error: %s<br>\n", ldap_error($ds));
+ var_dump($info);
+ }
+
+ ldap_close($ds);
+
+ $_SESSION['alert'][] = 'info:create_group_success:'.$dn;
+ return true;
+
+ }
+
+?>
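Review bot: When `ldap_add` fails in ldapCreateGroup, the code prints the LDAP error and `var_dump($info)` straight into the page, then still records `info:create_group_success` and returns true. The caller therefore sees a success for a group that was not created, and directory details end up in the HTML output. Handle the failure the way ldapCreateAccount does: replace the `printf`/`var_dump` pair with `$_SESSION['alert'][] = 'message:ldap_error:Add group:'.ldap_error($ds);` followed by `ldap_close($ds); return false;`.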
diff --git a/mayor-orig/www/include/backend/ldap-ng/session/search/searchAccount.php b/mayor-orig/www/include/backend/ldap-ng/session/search/searchAccount.php
new file mode 100644
index 00000000..70be6ed5
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap-ng/session/search/searchAccount.php
@@ -0,0 +1,271 @@
+<?php
+/*
+ Module: base/session
+ Backend: ldap-ng
+
+ ! -- Csak publikus mezőkre lehet keresni! -- !
+ function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)')
+ function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn'))
+ function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = '') {
+
+*/
+
+######################################################
+# Általános LDAP kereső függvény
+######################################################
+
+ function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)', $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ if ($pattern == '') {
+ $_SESSION['alert'][] = 'message:empty_field';
+ return false;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Keresés
+ $filter = "(&$filter($attr=*$pattern*))";
+ $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $searchAttrs);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = @ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ return $info;
+
+ }
+
+######################################################
+# ldapSearchAccount - felhasználó kereső függvény
+######################################################
+
+ function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) {
+
+ global $accountAttrToLDAP;
+
+ // A keresendő attribútum konvertálása LDAP attribútummá
+ if ($accountAttrToLDAP[ $attr ] != '') $attrLDAP = $accountAttrToLDAP[ $attr ];
+ else $attrLDAP = $attr;
+ if ($attrLDAP == 'dn') $attrLDAP = 'uid'; // dn-re nem megy a keresés!!
+
+ // A lekérendő attribútumok konvertálása LDAP attribútummá
+ for ($i = 0; $i < count($searchAttrs); $i++) {
+ if ($accountAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $accountAttrToLDAP[ $searchAttrs[$i] ];
+ else $searchAttrsLDAP[$i] = $searchAttrs[$i];
+ }
+ $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(&(objectclass=person)(!(objectclass=computer)))', $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // LDAP schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ $result[$i]['dn'] = $return[$i]['userAccount'] = array('count' => 1, 0 => $result[$i]['dn']);
+ for ($j = 0; $j < count($searchAttrs); $j++) {
+ $a = $searchAttrs[$j];
+ if (isset($result[$i][ kisbetus($accountAttrToLDAP[$a]) ])) {
+ if ($accountAttrToLDAP[$a] != '') $return[$i][$a] = $result[$i][ kisbetus($accountAttrToLDAP[$a]) ];
+ else $return[$i][$a] = $result[$i][$a];
+ } else {
+ $return[$i][$a] = array('count' => 0) ;
+ }
+ }
+ $return[$i]['category'] = getAccountCategories($return[$i]['userAccount'][0], $toPolicy);
+ $return[$i]['category']['count'] = count($return[$i]['category']);
+ }
+ $return['count'] = $result['count'];
+
+ return $return;
+
+ }
+
+ }
+
+######################################################
+# ldapSearchGroup - csoport kereső függvény
+######################################################
+
+ function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = _POLICY) {
+
+ global $groupAttrToLDAP;
+
+ // A keresendő attribútum konvertálása LDAP attribútummá
+ if ($groupAttrToLDAP[ $attr ] != '') $attrLDAP = $groupAttrToLDAP[ $attr ];
+ else $attrLDAP = $attr;
+ if ($attrLDAP == 'dn') $attrLDAP = 'cn'; // dn-re nem megy a keresés!!
+
+ // A lekérendő adtibútumok konvertálása LDAP attribútummá
+ for ($i = 0; $i < count($searchAttrs); $i++) {
+ if ($groupAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $groupAttrToLDAP[ $searchAttrs[$i] ];
+ else $searchAttrsLDAP[$i] = $searchAttrs[$i];
+ }
+
+ $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass=group)', $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // LDAP schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ $result[$i]['dn'] = $return[$i]['groupCn'] = array('count' => 1, 0 => $result[$i]['dn']);
+ for ($j = 0; $j < count($searchAttrs); $j++) {
+ $a = $searchAttrs[$j];
+ if (!isset($groupAttrToLDAP[$a]) || $groupAttrToLDAP[$a] != '') {
+ if (isset($result[$i][ $groupAttrToLDAP[$a] ])) $return[$i][$a] = $result[$i][ $groupAttrToLDAP[$a] ];
+ else $return[$i][$a] = '';
+ } else {
+ $return[$i][$a] = $result[$i][$a];
+ }
+ }
+ }
+ $return['count'] = $result['count'];
+
+ return $return;
+
+ }
+
+ }
+
+######################################################
+# ldapDeleteAccount - account törlése
+######################################################
+
+ function ldapDeleteAccount($userAccount, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // $toPolicy --> ldap-ng backend - ellenőrzés
+ if ($AUTH[$toPolicy]['backend'] != 'ldap-ng') {
+ $_SESSION['alert'][] = 'page:wrong_backend:ldap-ng!='.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+ if ($userDn === false) return false;
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Az uidNumber, a unixHomeDirectory lekerdezése
+ $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapUserObjectClass'].")(!(objectclass=computer)))";
+ $justthese = array('uidNumber','unixHomedirectory');
+ $sr = @ldap_search($ds,$userDn,$filter,$justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
+ ldap_close($ds);
+ return false;
+ } ;
+
+ $info = @ldap_get_entries($ds,$sr);
+ $uidNumber = $info[0]['uidnumber'][0];
+ $homeDirectory = $info[0]['unixhomedirectory'][0];
+ $uid=$userAccount;
+
+ // user törlése
+ if (!@ldap_delete($ds,$userDn)) {
+ $_SESSION['alert'][] = 'message:ldap_delete_failure:user:'.$userAccount;
+ }
+
+ ldap_close($ds);
+
+ /*
+ Ha van megadva deleteAccountScript paraméter, akkor abba bejegyzi a törölt felhasználó adatait.
+ A meghívott deleteAccount.sh nincs definiálva, testreszabható, megkötés egyedül a paraméter
+ lista: userAccount, uidNumber, homeDirectory
+ */
+ if (defined('_DATADIR')
+ && isset($AUTH[$toPolicy]['deleteAccountScript'])
+ && file_exists(_DATADIR)
+ ) {
+ $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['deleteAccountScript'],'a+');
+ if ($sfp) {
+ fwrite($sfp,"\n# $userAccount törlése: userAccount uidNumber homeDirectory\n");
+ fwrite($sfp,"deleteAccount.sh '$userAccount' '$uidNumber' '$homeDirectory'\n");
+ fclose($sfp);
+ }
+ }
+
+ $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn;
+ return true;
+
+ }
+
+######################################################
+# ldapDeleteGroup - account törlése
+######################################################
+
+ function ldapDeleteGroup($groupCn, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // $toPolicy --> ldap-ng backend - ellenőrzés
+ if ($AUTH[$toPolicy]['backend'] != 'ldap-ng') {
+ $_SESSION['alert'][] = 'page:wrong_backend:ldap-ng!='.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
+ if ($groupDn === false) return false;
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ if (!@ldap_delete($ds, $groupDn)) {
+ $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupCn;
+ }
+
+ ldap_close($ds);
+
+ $_SESSION['alert'][] = 'info:delete_group_success:'.$groupCn;
+ return true;
+
+ }
+
+
+?>
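Review bot: ldapDeleteAccount keeps going after a failed `ldap_delete`: it records `message:ldap_delete_failure`, but then still appends the `deleteAccount.sh` line to the script file, adds `info:delete_uid_success` and returns true, so the home-directory cleanup can be queued for an account that still exists in the directory. Leave the function from the failure branch by adding `ldap_close($ds); return false;` after the alert, and apply the same change to ldapDeleteGroup, which reports `info:delete_group_success` in the same situation. ldapDeleteAccount also reads `$info[0]['uidnumber'][0]` without checking that the search returned an entry.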
diff --git a/mayor-orig/www/include/backend/ldap/auth/login.php b/mayor-orig/www/include/backend/ldap/auth/login.php
new file mode 100644
index 00000000..2165371d
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap/auth/login.php
@@ -0,0 +1,144 @@
+<?php
+/*
+ Auth-LDAP
+
+ A név-jelszó pár ellenőrzése LDAP adatbázis alapján
+*/
+
+/* --------------------------------------------------------------
+
+ Felhasználók azonosítása LDAP-ban tárolt posixAccount
+ osztályok alapján történik.
+
+ A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE
+ konstansok valamelyikével tér vissza. (include/modules/auth/base/config.php)
+
+ Sikeres hitelesítés esetén
+ az egyéb account információkat (minimálisan a 'cn', azaz 'teljes név'
+ attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el.
+
+ Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az
+ elutasítás okát.
+
+-------------------------------------------------------------- */
+
+######################################################################
+# Az LDAP protocol version szerinti csatlakozás
+######################################################################
+ ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+ function ldapUserAuthentication($userAccount, $userPassword, &$accountInformation, $toPolicy) {
+
+ global $AUTH;
+
+ if ($toPolicy == '') {
+ if ($accountInformation['policy'] != '') $toPolicy = $accountInformation['policy'];
+// elseif ($_REQUEST['toPolicy'] != '') $toPolicy = $_REQUEST['toPolicy'];
+ else $toPolicy = _POLICY;
+ }
+
+ // Kapcsolódás a szerverhez
+ $ds = ldap_connect($AUTH[$toPolicy]['ldap hostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return _AUTH_FAILURE;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = ldap_bind($ds);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ return _AUTH_FAILURE;
+ }
+
+ // Van-e adott azonosítójú felhasználó?
+ $filter="(&(uid=$userAccount)(objectClass=posixAccount))";
+ $justthese = array("sn","cn","studyId","shadowexpire","shadowwarning","shadowinactive","shadowlastchange","shadowmax");
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure";
+ ldap_close($ds);
+ return _AUTH_FAILURE;
+ }
+ $info=ldap_get_entries($ds,$sr);
+
+ if ( $info['count'] === 0 ) {
+ // Nincs ilyen userAccount (uid)
+ $_SESSION['alert'][] = "message:no_account:$userAccount";
+ ldap_close($ds);
+ return _AUTH_FAILURE_1;
+ }
+
+ if ( $info['count'] > 1 ) {
+ // Több ilyen uid is van
+ $_SESSION['alert'][] = "message:multi_uid";
+ ldap_close($ds);
+ return _AUTH_FAILURE_2;
+ }
+
+ if ($info['count']==1) { // Van - egy - ilyen felhasználó
+
+ $accountInformation['cn'] = $info[0]['cn'][0];
+ $accountInformation['studyId'] = $info[0]['studyid'][0];
+ $accountInformation['dn'] = $info[0]['dn'];
+ $accountInformation['account'] = $userAccount;
+ // Lejárt-e
+ // A lejárat ideje a shadowExpire és shadowLastChange+shadowMax kötül a kisebbik
+ if ($info[0]['shadowexpire'][0] != '') $expireTimestamp = $info[0]['shadowexpire'][0];
+ if (
+ $info[0]['shadowmax'][0] != '' &&
+ (
+ !isset($expireTimestamp) ||
+ $expireTimestamp > $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0]
+ )
+ ) $expireTimestamp = $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0];
+ // lejárt, ha lejárat ideje már elmúlt
+ $accountExpired = (isset($expireTimestamp) && ($expireTimestamp <= floor(time()/(60*60*24))));
+
+ // Le van-e tiltva
+ // Ha több mint shadowInactive napja lejárt
+ if ( // onDisabled: none | refuse
+ $AUTH[$toPolicy]['onDisabled'] == 'refuse' &&
+ isset($expireTimestamp) &&
+ $expireTimestamp + $info[0]['shadowinactive'][0] <= floor(time()/(60*60*24))
+ ) {
+ // Le van tiltva
+ $_SESSION['alert'][] = 'message:account_disabled';
+ ldap_close($ds);
+ return _AUTH_FAILURE_4;
+ } // onDisabled
+
+ // Jelszó ellenőrzés - lehet-e csatlakozni
+ if (!@ldap_bind($ds, $accountInformation['dn'], $userPassword)) {
+ $_SESSION['alert'][] = 'message:bad_pw';
+ return _AUTH_FAILURE_3;
+ }
+
+ ldap_close($ds);
+ // Lejárt-e az azonosító
+ if ($AUTH[$toPolicy]['onExpired'] != 'none' && isset($expireTimestamp)) { // onExpired: none | warning | force update
+ // Lejárt-e
+ $pwLejar = $expireTimestamp - floor(time()/(60*60*24));
+ if (0 < $pwLejar && $pwLejar < $info[0]['shadowwarning'][0]) {
+ $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar;
+ return _AUTH_SUCCESS;
+ } elseif ($pwLejar <= 0) {
+ $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar);
+ if ($AUTH[$toPolicy]['onDisabled'] == 'refuse')
+ $_SESSION['alert'][] = 'info:warn_account_disable:'.($info[0]['shadowinactive'][0]+$pwLejar);
+ if ($AUTH[$toPolicy]['onExpired'] == 'warning') {
+ return _AUTH_SUCCESS;
+ } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') {
+ return _AUTH_EXPIRED;
+ }
+ }
+ } // onExpired
+
+ // Ha idáig eljut, akkor minden rendben.
+ return _AUTH_SUCCESS;
+
+ } // count == 1
+
+ }
+
+?>
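Review bot: ldapUserAuthentication passes `$userPassword` to `ldap_bind($ds, $accountInformation['dn'], $userPassword)` without rejecting an empty string; many LDAP servers treat a bind with a DN and an empty password as an unauthenticated bind and report success, in which case this function would return `_AUTH_SUCCESS` without any password being verified. Unless a caller already guarantees a non-empty password (not visible in this hunk), add a guard before the bind: `if ($userPassword === '') { $_SESSION['alert'][] = 'message:bad_pw'; ldap_close($ds); return _AUTH_FAILURE_3; }`. The existing `bad_pw` branch also returns without `ldap_close($ds)`.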
diff --git a/mayor-orig/www/include/backend/ldap/base/attrs.php b/mayor-orig/www/include/backend/ldap/base/attrs.php
new file mode 100644
index 00000000..bf86d0d2
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap/base/attrs.php
@@ -0,0 +1,120 @@
+<?php
+/*
+ Module: useradmin
+*/
+
+ if (file_exists('lang/'._LANG.'/backend/ldap/attrs.php')) {
+ require('lang/'._LANG.'/backend/ldap/attrs.php');
+ } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/ldap/attrs.php')) {
+ require('lang/'._DEFAULT_LANG.'/backend/ldap/attrs.php');
+ }
+
+######################################################
+# Alapértelmezett jogosultságok
+#
+# w - Írható/olvasható
+# r - olvasható
+# - - egyik sem
+#
+# Három karakter: admin, self, other jogai
+######################################################
+
+ define('_DEFAULT_LDAP_RIGHTS','wr-');
+
+######################################################
+# Az LDAP account attribútumok
+######################################################
+
+ global $ldapAccountAttrs;
+ $ldapAccountAttrs = array(
+ 'uid',
+ 'uidnumber',
+ 'gidnumber',
+ 'gecos',
+ 'cn',
+ 'studyid',
+ 'sn',
+ 'givenname',
+ 'mail',
+ 'telephonenumber',
+ 'mobile',
+ 'l',
+ 'street',
+ 'postaladdress',
+ 'postalcode',
+ 'homedirectory',
+ 'shadowlastchange',
+ 'shadowexpire',
+ 'shadowwarning',
+ 'shadowmin',
+ 'shadowmax',
+ 'shadowinactive',
+ );
+
+ global $ldapGroupAttrs;
+ $ldapGroupAttrs = array(
+ 'gidnumber',
+ 'cn',
+ 'description',
+ 'member',
+ 'memberuid'
+ );
+
+ global $accountAttrToLDAP;
+ $accountAttrToLDAP = array(
+ 'userAccount' => 'uid',
+ 'userCn' => 'cn',
+ 'mail' => 'mail',
+ 'studyId' => 'studyId',
+ 'shadowLastChange' => 'shadowLastChange',
+ 'shadowWarning' => 'shadowWarning',
+ 'shadowMin' => 'shadowMin',
+ 'shadowMax' => 'shadowMax',
+ 'shadowExpire' => 'shadowExpire',
+ 'shadowInactive' => 'shadowInactive',
+ );
+
+ global $groupAttrToLDAP;
+ $groupAttrToLDAP = array(
+ 'groupCn' => 'cn',
+ 'groupDesc' => 'description',
+ 'member' => 'member'
+ );
+
+ global $ldapAccountAttrDef;
+ $ldapAccountAttrDef = array(
+ 'dn' => array('desc' => _LDAPDN, 'type' => 'text', 'rights' => 'rrr'),
+ 'uid' => array('desc' => _LDAPUID, 'type' => 'text', 'rights' => 'rrr'),
+ 'uidnumber' => array('desc' => _LDAPUIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
+ 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
+ 'gecos' => array('desc' => _LDAPGECOS, 'type' => 'text', 'rights' => 'w--'),
+ 'cn' => array('desc' => _LDAPCN, 'type' => 'text', 'rights' => 'wrr'),
+ 'studyid' => array('desc' => _LDAPSTUDYID, 'type' => 'int', 'rights' => 'wrr'),
+ 'sn' => array('desc' => _LDAPSN, 'type' => 'text'),
+ 'givenname' => array('desc' => _LDAPGIVENNAME, 'type' => 'text'),
+ 'mail' => array('desc' => _LDAPMAIL, 'type' => 'text', 'rights' => 'wwr'),
+ 'telephonenumber' => array('desc' => _LDAPTELEPHONENUMBER, 'type' => 'text', 'rights' => 'ww-'),
+ 'mobile' => array('desc' => _LDAPMOBILE, 'type' => 'text', 'rights' => 'ww-'),
+ 'l' => array('desc' => _LDAPL, 'type' => 'text'),
+ 'street' => array('desc' => _LDAPSTREET, 'type' => 'text'),
+ 'postaladdress' => array('desc' => _LDAPPOSTALADDRESS, 'type' => 'text'),
+ 'postalcode' => array('desc' => _LDAPPOSTALCODE, 'type' => 'text'),
+ 'homedirectory' => array('desc' => _LDAPHOMEDIRECTORY, 'type' => 'text'),
+ 'shadowlastchange' => array('desc' => _LDAPSHADOWLASTCHANGE, 'type' => 'text'),
+ 'shadowexpire' => array('desc' => _LDAPSHADOWEXPIRE, 'type' => 'text'),
+ 'shadowwarning' => array('desc' => _LDAPSHADOWWARNING, 'type' => 'text'),
+ 'shadowmin' => array('desc' => _LDAPSHADOWMIN, 'type' => 'text'),
+ 'shadowmax' => array('desc' => _LDAPSHADOWMAX, 'type' => 'text'),
+ 'shadowinactive' => array('desc' => _LDAPSHADOWINACTICE, 'type' => 'text'),
+ );
+
+ global $ldapGroupAttrDef;
+ $ldapGroupAttrDef = array(
+ 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'wrr'),
+ 'description' => array('desc' => _LDAPDESCRIPTION, 'type' => 'text'),
+ 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'),
+ 'memberuid' => array('desc' => _LDAPMEMBERUID, 'type' => 'select'),
+ 'member' => array('desc' => _LDAPMEMBER, 'type' => 'select'),
+ );
+
+?>
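Review bot: The `shadowinactive` entry of `$ldapAccountAttrDef` uses the constant `_LDAPSHADOWINACTICE`, while every other description constant mirrors its attribute name, so this looks like a misspelling of `_LDAPSHADOWINACTIVE`. The constants come from the `lang/.../backend/ldap/attrs.php` file required at the top, which is not part of this hunk, so check which spelling is defined there: an undefined constant falls back to its own name as the label on older PHP and is a fatal error on PHP 8. It would also help to say in a comment what entries without a `rights` key get; presumably `_DEFAULT_LDAP_RIGHTS`, but the consumer is not shown here.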
diff --git a/mayor-orig/www/include/backend/ldap/base/attrs.php.orig b/mayor-orig/www/include/backend/ldap/base/attrs.php.orig
new file mode 100644
index 00000000..658dfa1c
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap/base/attrs.php.orig
@@ -0,0 +1,175 @@
+<?php
+/*
+ Module: useradmin
+*/
+
+ if (file_exists('lang/'._LANG.'/backend/ldap/attrs.php')) {
+ require('lang/'._LANG.'/backend/ldap/attrs.php');
+ } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/ldap/attrs.php')) {
+ require('lang/'._DEFAULT_LANG.'/backend/ldap/attrs.php');
+ }
+
+######################################################
+# Alapértelmezett jogosultságok
+#
+# w - Írható/olvasható
+# r - olvasható
+# - - egyik sem
+#
+# Három karakter: admin, self, other jogai
+######################################################
+
+ define('_DEFAULT_LDAP_RIGHTS','wr-');
+
+######################################################
+# Az LDAP account attribútumok
+######################################################
+
+ global $ldapAccountAttrs;
+ $ldapAccountAttrs = array(
+ 'uid',
+ 'uidnumber',
+ 'gidnumber',
+ 'gecos',
+ 'cn',
+ 'sn',
+ 'givenname',
+ 'mail',
+ 'homepage',
+ 'url',
+ 'telephonenumber',
+ 'mobile',
+ 'year',
+ 'class',
+ 'l',
+ 'street',
+ 'postaladdress',
+ 'postalcode',
+ 'homedirectory',
+ 'owner',
+ 'leader',
+ 'description',
+ 'roomnumber',
+ 'registertimestamp',
+ 'primaryschoolomcode',
+ 'classtimestamp',
+ 'studentcardnumber',
+ 'studentcardtimestamp',
+ 'taxid',
+ 'birthtimestamp',
+ 'birthlocality',
+ 'registernumber',
+ 'diarynumber',
+ 'sex',
+ 'guardiancn',
+ 'mothercn',
+ 'localitytimestamp',
+ 'tajnumber',
+ 'member',
+ 'studentmember',
+ 'exemptmember',
+ 'examermember',
+ 'memberuid',
+ 'shadowlastchange',
+ 'shadowexpire',
+ 'shadowwarning',
+ 'shadowmin',
+ 'shadowmax',
+ 'shadowinactive',
+ 'parentpassword'
+ );
+
+ global $ldapGroupAttrs;
+ $ldapGroupAttrs = array(
+ 'gidnumber',
+ 'cn',
+ 'description',
+ 'owner',
+ 'member',
+ 'memberuid'
+ );
+
+ global $accountAttrToLDAP;
+ $accountAttrToLDAP = array(
+ 'userAccount' => 'uid',
+ 'userCn' => 'cn',
+ 'mail' => 'mail',
+ 'studyId' => 'studyId',
+ 'shadowLastChange' => 'shadowLastChange',
+ 'shadowWarning' => 'shadowWarning',
+ 'shadowMin' => 'shadowMin',
+ 'shadowMax' => 'shadowMax',
+ 'shadowExpire' => 'shadowExpire',
+ 'shadowInactive' => 'shadowInactive',
+ );
+
+ global $groupAttrToLDAP;
+ $groupAttrToLDAP = array(
+ 'groupId' => 'cn',
+ 'groupName' => 'description',
+// 'leader' => 'leader',
+ 'owner' => 'owner',
+ 'member' => 'member'
+ );
+
+ global $ldapAccountAttrDef;
+ $ldapAccountAttrDef = array(
+ 'dn' => array('desc' => _LDAPDN, 'type' => 'text','rights' => 'rrr'),
+ 'uid' => array('desc' => _LDAPUID, 'type' => 'text','rights' => 'rrr'),
+ 'uidnumber' => array('desc' => _LDAPUIDNUMBER, 'type' => 'int','rights' => 'w--'),
+ 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'),
+ 'gecos' => array('desc' => _LDAPGECOS, 'type' => 'text','rights' => 'w--'),
+ 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'wrr'),
+ 'sn' => array('desc' => _LDAPSN, 'type' => 'text'),
+ 'givenname' => array('desc' => _LDAPGIVENNAME, 'type' => 'text'),
+ 'mail' => array('desc' => _LDAPMAIL, 'type' => 'text','rights' => 'wwr'),
+ 'homepage' => array('desc' => _LDAPHOMEPAGE, 'type' => 'text','rights' => 'wwr'),
+ 'url' => array('desc' => _LDAPURL, 'type' => 'text'),
+ 'telephonenumber' => array('desc' => _LDAPTELEPHONENUMBER, 'type' => 'text','rights' => 'ww-'),
+ 'mobile' => array('desc' => _LDAPMOBILE, 'type' => 'text','rights' => 'ww-'),
+ 'year' => array('desc' => _LDAPYEAR, 'type' => 'int'),
+ 'class' => array('desc' => _LDAPCLASS, 'type' => 'text'),
+ 'l' => array('desc' => _LDAPL, 'type' => 'text'),
+ 'street' => array('desc' => _LDAPSTREET, 'type' => 'text'),
+ 'postaladdress' => array('desc' => _LDAPPOSTALADDRESS, 'type' => 'text'),
+ 'postalcode' => array('desc' => _LDAPPOSTALCODE, 'type' => 'text'),
+ 'homedirectory' => array('desc' => _LDAPHOMEDIRECTORY, 'type' => 'text'),
+ 'roomnumber' => array('desc' => _LDAPROOMNUMBER, 'type' => 'int'),
+ 'registertimestamp' => array('desc' => _LDAPREGISTERTIMESTAMP, 'type' => 'timestamp'),
+ 'primaryschoolomcode' => array('desc' => _LDAPPRIMARYSCHOOLOMCODE, 'type' => 'text'),
+ 'classtimestamp' => array('desc' => _LDAPCLASSTIMESTAMP, 'type' => 'timestamp'),
+ 'studentcardnumber' => array('desc' => _LDAPSTUDENTCARDNUMBER, 'type' => 'text'),
+ 'studentcardtimestamp' => array('desc' => _LDAPSTUDENTCARDTIMESTAMP, 'type' => 'timestamp'),
+ 'taxid' => array('desc' => _LDAPTAXID, 'type' => 'text'),
+ 'birthtimestamp' => array('desc' => _LDAPBIRTHTIMESTAMP, 'type' => 'timestamp'),
+ 'birthlocality' => array('desc' => _LDAPBIRTHLOCALITY, 'type' => 'text'),
+ 'registernumber' => array('desc' => _LDAPREGISTERNUMBER, 'type' => 'text'),
+ 'diarynumber' => array('desc' => _LDAPDIARYNUMBER, 'type' => 'text'),
+ 'sex' => array('desc' => _LDAPSEX, 'type' => 'radio', 'options' => array(_FIU, _LANY)),
+ 'guardiancn' => array('desc' => _LDAPGUARDIANCN, 'type' => 'text'),
+ 'mothercn' => array('desc' => _LDAPMOTHERCN, 'type' => 'text'),
+ 'localitytimestamp' => array('desc' => _LDAPLOCALITYTIMESTAMP, 'type' => 'timestamp'),
+ 'tajnumber' => array('desc' => _LDAPTAJNUMBER, 'type' => 'text'),
+ 'shadowlastchange' => array('desc' => _LDAPSHADOWLASTCHANGE, 'type' => 'text'),
+ 'shadowexpire' => array('desc' => _LDAPSHADOWEXPIRE, 'type' => 'text'),
+ 'shadowwarning' => array('desc' => _LDAPSHADOWWARNING, 'type' => 'text'),
+ 'shadowmin' => array('desc' => _LDAPSHADOWMIN, 'type' => 'text'),
+ 'shadowmax' => array('desc' => _LDAPSHADOWMAX, 'type' => 'text'),
+ 'shadowinactive' => array('desc' => _LDAPSHADOWINACTICE, 'type' => 'text'),
+ );
+
+ global $ldapGroupAttrDef;
+ $ldapGroupAttrDef = array(
+ 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'wrr'),
+ 'description' => array('desc' => _LDAPDESCRIPTION, 'type' => 'text'),
+ 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'),
+ 'memberuid' => array('desc' => _LDAPMEMBERUID, 'type' => 'select'),
+ 'member' => array('desc' => _LDAPMEMBER, 'type' => 'select'),
+ 'owner' => array('desc' => _LDAPOWNER, 'type' => 'select'),
+// 'studentmember' => array('desc' => _LDAPSTUDENTMEMBER, 'type' => 'text'),
+// 'exemptmember' => array('desc' => _LDAPEXEMPTMEMBER, 'type' => 'text'),
+// 'examermember' => array('desc' => _LDAPEXAMERMEMBER, 'type' => 'text'),
+// 'leader' => array('desc' => _LDAPLEADER, 'type' => 'text'),
+ );
+
+?> \ No newline at end of file
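Review bot: `attrs.php.orig` looks like a leftover backup of `attrs.php` rather than a file the application loads; session/base.php in this same commit requires only `include/backend/ldap/base/attrs.php`. It sits under `www/`, and a `.orig` file is normally not passed to the PHP interpreter, so if this directory is reachable over HTTP the attribute and rights tables would be served as plain text. I would drop the file from the commit, or at least deny `*.orig` in the web server configuration.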
diff --git a/mayor-orig/www/include/backend/ldap/base/str.php b/mayor-orig/www/include/backend/ldap/base/str.php
new file mode 100644
index 00000000..2ef3ad1c
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap/base/str.php
@@ -0,0 +1,53 @@
+<?php
+/*
+ Module: useradmin
+
+ function date2timestamp($date)
+ function timestamp2date($stamp)
+ !! -- function ldap_cn_cmp($a,$b) -- !! Kell ez?
+ !! -- function tanar_cn_cmp($a,$b) -- !! Használjuk ezt?
+
+ // - fuggoseg - // require_once('include/share/ldap/attrs.php');
+
+*/
+
+// -------------------------------------
+// Date2Timestamp
+// -------------------------------------
+
+ function date2timestamp($date) {
+ $date = str_replace('-','',$date);
+ $date = str_replace('.','',$date).'010101Z';
+ if (strlen($date) == 15) return $date;
+ else return '';
+ }
+
+// -------------------------------------
+// Timestamp2Date
+// -------------------------------------
+
+ function timestamp2date($stamp) {
+ $date = substr($stamp,0,4).'-'.substr($stamp,4,2).'-'.substr($stamp,6,2);
+ if (strlen($date) == 10) return $date;
+ else return '';
+ }
+
+/*
+// ---------------------------------------------------------------------------
+// LDAP eredmény elemeinek összehasonlítása cn-alapján (Már latin2-es kódolású!!!)
+// ---------------------------------------------------------------------------
+
+ function ldap_cn_cmp($a,$b) {
+ return str_cmp($a['cn'][0],$b['cn'][0]);
+ }
+
+// ---------------------------------------------------------------------------
+// $TANAROK tömb rendezéséhez (include/naplo/helyettesít.php) (Már latin2-es kódolású!!!)
+// ---------------------------------------------------------------------------
+
+ function tanar_cn_cmp($a,$b) {
+ return str_cmp($a['cn'],$b['cn']);
+ }
+*/
+
+?>
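Review bot: date2timestamp() validates only the length of the result, so any eight characters left after stripping `-` and `.` are returned as a timestamp, whether or not they are digits. Splitting the second `str_replace` from the suffix and adding `if (!ctype_digit($date)) return '';` before `'010101Z'` is appended would keep non-numeric input out of the value that is later written to LDAP. A short docblock stating the accepted input forms (`YYYY-MM-DD`, `YYYY.MM.DD`) and the empty-string failure return would also help callers.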
diff --git a/mayor-orig/www/include/backend/ldap/password/changePassword.php b/mayor-orig/www/include/backend/ldap/password/changePassword.php
new file mode 100644
index 00000000..22ace5ca
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap/password/changePassword.php
@@ -0,0 +1,102 @@
+<?php
+/*
+ Module: base/password
+
+ function changeMyPassword($userAccount, $userPassword, $newPassword, $verification)
+ A függvény nem vizsgálja, hogy jogosultak vagyunk-e a jelszó megváltoztatására.
+ Ennek eldöntése a függvényt hívó program feladata
+ */
+
+############################################################################
+# Saját jelszó megváltoztatása
+############################################################################
+
+function changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy = '') {
+
+ global $AUTH;
+
+ if ($toPolicy == '') $toPolicy = $_REQUEST['toPolicy'];
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+ $shadowLastChange = floor(time()/(60*60*24));
+
+ $ds = ldap_connect($AUTH[$toPolicy]['ldap hostname']);
+ if ($ds) {
+ $b_ok = ldap_bind($ds,$userDn,$userPassword);
+ if ($b_ok) {
+ $info['userPassword'][0] = '{crypt}' . crypt($newPassword);
+ // Ezekre nincs jogosultsága a felhasználónak, nem változnak:
+ // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE
+ $info['shadowlastchange'][0] = $shadowLastChange;
+ if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
+ $info['shadowexpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
+ } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
+ $info['shadowexpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
+ }
+ $r = ldap_mod_replace($ds,$userDn,$info);
+ ldap_close($ds);
+ if ($r) {
+ $_SESSION['alert'][] = 'info:pw_change_success';
+ return true;
+ } else {
+ $_SESSION['alert'][] = 'message:ldap_modify_failure';
+ return false;
+ }
+ } else {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure:'.$userDn;
+ ldap_close($ds);
+ return false;
+ }
+ } else {
+ $_SESSION['alert'][] = 'message:ldap_failure';
+ return false;
+ }
+
+}
+
+############################################################################
+# Adminisztrátori jelszó változtatás
+############################################################################
+
+function changePassword($userAccount, $newPassword, $toPolicy = '') {
+
+ global $AUTH;
+
+ if ($toPolicy == '') $toPolicy = _POLICY;
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+ $shadowLastChange = floor(time()/(60*60*24));
+
+ $ds = ldap_connect($AUTH[$toPolicy]['ldap hostname']);
+ if ($ds) {
+ $b_ok = ldap_bind($ds,_USERDN,_USERPASSWORD);
+ if ($b_ok) {
+ $info['userPassword'][0] = '{crypt}' . crypt($newPassword);
+ // Ezekre nincs jogosultsága a felhasználónak, nem változnak:
+ // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE
+ $info['shadowlastchange'][0] = $shadowLastChange;
+ if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
+ $info['shadowexpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
+ } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
+ $info['shadowexpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
+ }
+ $r = @ldap_mod_replace($ds,$userDn,$info);
+ ldap_close($ds);
+ if ($r) {
+ $_SESSION['alert'][] = 'info:pw_change_success';
+ return true;
+ } else {
+ $_SESSION['alert'][] = 'message:ldap_modify_failure';
+ return false;
+ }
+ } else {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure:'._USERDN;
+ ldap_close($ds);
+ return false;
+ }
+ } else {
+ $_SESSION['alert'][] = 'message:ldap_failure';
+ return false;
+ }
+
+}
+
+?>
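Review bot: `crypt($newPassword)` is called without a salt in both changeMyPassword() and changePassword(), so the hash scheme is whatever the platform defaults to (historically a weak DES or MD5 crypt), and PHP 8 rejects the call because the salt argument is required. Pass an explicit salted scheme, e.g. `crypt($newPassword, '$6$' . bin2hex(random_bytes(8)) . '$')`, or let the directory server do the hashing through a password-modify operation. Separately, changeMyPassword() falls back to `$_REQUEST['toPolicy']` to select the `$AUTH` entry, so the request decides which LDAP host receives the current password; check the value against the configured policy keys before using it.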
diff --git a/mayor-orig/www/include/backend/ldap/session/accountInfo.php b/mayor-orig/www/include/backend/ldap/session/accountInfo.php
new file mode 100644
index 00000000..24f5234b
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap/session/accountInfo.php
@@ -0,0 +1,401 @@
+<?php
+/*
+ Module: base/auth-ldap
+ Backend: ldap
+
+ function getLDAPInfo($userDn, $attrList=array('cn'), $toPolicy = '')
+ function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY)
+ function ldapGetUserInfo($userAccount, $toPolicy = _POLICY)
+ function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY)
+ function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY)
+
+*/
+
+######################################################
+# getLDAPInfo - általános LDAP lekérdezés
+######################################################
+
+ function getLDAPInfo($userDn, $attrList=array('cn'), $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Keresés
+ $filter = '(objectclass=*)';
+ $sr = @ldap_search($ds, $userDn, $filter, $attrList);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = @ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ return $info;
+
+ }
+
+###########################################################
+# ldapGetAccountInfo - felhasználói információk (backend)
+###########################################################
+
+ function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY) {
+
+ global $AUTH, $backendAttrs, $backendAttrDef;
+
+ if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Account', $toPolicy);
+
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+
+ $result = getLDAPInfo($userDn, $backendAttrs, $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // LDAP schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ foreach ($backendAttrDef as $attr => $def) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
+ elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
+ else $return[$i][$attr] = array('count' => 0);
+ }
+ }
+
+ return $return[0];
+
+ }
+
+ }
+
+#############################################################
+# ldapGetUserInfo - felhasználói információk (keretrendszer)
+#############################################################
+
+ function ldapGetUserInfo($userAccount, $toPolicy = _POLICY) {
+
+ global $AUTH, $accountAttrToLDAP, $ldapAttrDef;
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+
+ $result = getLDAPInfo($userDn, array_values($accountAttrToLDAP), $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ $result[0]['dn'] = array('count' => 1, 0 => $result[0]['dn']);
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ foreach ($accountAttrToLDAP as $attr => $ldapAttr) {
+ if (isset($result[0][$ldapAttr])) $return[$attr] = $result[0][$ldapAttr];
+ else $return[$attr] = array('count' => 0);
+ }
+
+ return $return;
+
+ }
+
+ }
+
+###############################################################
+# ldapChangeAccountInfo - felhasználói információk módosítása
+###############################################################
+
+ function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY) {
+
+ global $AUTH, $backendAttrs, $backendAttrDef;
+
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $emptyAttrs = explode(':',$_POST['emptyAttrs']);
+
+ // Attribútumonként módosítunk
+ foreach ($backendAttrs as $attr) {
+
+ if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS;
+ else $rights = $backendAttrDef[$attr]['rights'];
+
+ if ($rights[_ACCESS_AS] == 'w') {
+
+ $mod_info = $add_info = $del_info = Array();
+ $values = array();
+
+ if ($backendAttrDef[$attr]['type'] == 'image') {
+ $file = $_FILES[$attr]['tmp_name'];
+ if (file_exists($file)) {
+ $fd = fopen($file,'r');
+ $values[0]=fread($fd,filesize($file));
+ fclose($fd);
+ } else {
+ // Sose töröljük!
+ $emptyAttrs[] = $attr;
+ }
+ } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
+ if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
+ $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
+ }
+ } else {
+ if ($backendAttrDef[$attr]['type'] != '' ) $values[0] = $_POST[$attr];
+ }
+
+ if ($backendAttrDef[$attr]['type'] == 'select') {
+ if ($_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
+ if ($_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
+ } elseif (in_array($attr,$emptyAttrs)) {
+ if ($values[0] != '') $add_info[$attr] = $values;
+ } else {
+ if ($values[0] != '') {
+ $mod_info[$attr] = $values;
+ } else {
+ $del_info[$attr] = Array();
+ }
+ }
+
+ $_alert = array();
+ if (count($add_info)!=0) {
+ if (!@ldap_mod_add($ds,$userDn,$add_info)) {
+ $_alert[] = 'message:insufficient_access:add:'.$attr;
+ }
+ }
+ if (count($mod_info)!=0) {
+ if (!@ldap_mod_replace($ds,$userDn,$mod_info)) {
+ $_alert[] = 'message:insufficient_access:mod:'.$attr;
+ }
+ }
+ if (count($del_info)!=0) {
+ if (!@ldap_mod_del($ds,$userDn,$del_info)) {
+ $_alert[] = 'message:insufficient_access:del:'.$attr;
+ }
+ }
+
+ } else {
+// $_alert[] = 'message:insufficient_access:'.$attr;
+ }
+ } // foreach
+
+ ldap_close($ds);
+ if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
+ else for ($i = 0;$i < count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
+
+ }
+
+###########################################################
+# ldapGetGroupInfo - csoport információk (backend)
+###########################################################
+
+ function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY) {
+
+ global $AUTH, $backendAttrs, $backendAttrDef;
+
+
+ if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy);
+
+ $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
+
+ $result = getLDAPInfo($groupDn, $backendAttrs, $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // Accountok lekérdezése
+ $info = getLDAPaccounts($toPolicy);
+ for ($i = 0; $i < $info['count']; $i++) {
+ $accountUid[] = array(
+ 'value' => $info[$i]['uid'][0],
+ 'txt' => $info[$i]['cn'][0]
+ );
+ $accountDn[] = array(
+ 'value' => $info[$i]['dn'],
+ 'txt' => $info[$i]['cn'][0]
+ );
+ }
+
+ // LDAP schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ foreach ($backendAttrDef as $attr => $def) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
+ elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
+ else $return[$i][$attr] = array('count' => 0);
+ }
+ $return[$i]['member']['new'] = $accountDn;
+ $return[$i]['memberuid']['new'] = $accountUid;
+ }
+
+ return $return[0];
+
+ }
+
+ }
+
+###############################################################
+# ldapChangeGroupInfo - csoport információk módosítása
+###############################################################
+
+ function ldapChangeGroupInfo($groupCn, $toPolicy = _POLICY) {
+
+// !!!! A memberuid / member szinkronjára nem figyel!!
+
+ global $AUTH, $backendAttrs, $backendAttrDef;
+
+ $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $emptyAttrs = explode(':',$_POST['emptyAttrs']);
+
+ // Attribútumonként módosítunk
+ foreach ($backendAttrs as $attr) {
+
+ if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS;
+ else $rights = $backendAttrDef[$attr]['rights'];
+
+ if ($rights[_ACCESS_AS] == 'w') {
+
+ $mod_info = $add_info = $del_info = Array();
+ $values = array();
+
+ if ($backendAttrDef[$attr]['type'] == 'image') {
+ $file = $_FILES[$attr]['tmp_name'];
+ if (file_exists($file)) {
+ $fd = fopen($file,'r');
+ $values[0]=fread($fd,filesize($file));
+ fclose($fd);
+ } else {
+ // Sose töröljük!
+ $emptyAttrs[] = $attr;
+ }
+ } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
+ if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
+ $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
+ }
+ } else {
+ if ($backendAttrDef[$attr]['type'] != '')
+ if (isset($_POST[$attr])) $values[0] = $_POST[$attr];
+ else $values[0] = '';
+ }
+
+ if ($backendAttrDef[$attr]['type'] == 'select') {
+ if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
+ if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
+ } elseif (in_array($attr,$emptyAttrs)) {
+ if ($values[0] != '') $add_info[$attr] = $values;
+ } else {
+ if ($values[0] != '') {
+ $mod_info[$attr] = $values;
+ } else {
+ $del_info[$attr] = Array();
+ }
+ }
+
+ $_alert = array();
+ if (count($add_info)!=0) {
+ if (!@ldap_mod_add($ds,$groupDn,$add_info)) {
+ $_alert[] = 'message:insufficient_access:add:'.$attr;
+ }
+ }
+ if (count($mod_info)!=0) {
+ if (!@ldap_mod_replace($ds,$groupDn,$mod_info)) {
+ $_alert[] = 'message:insufficient_access:mod:'.$attr;
+ }
+ }
+ if (count($del_info)!=0) {
+ if (!@ldap_mod_del($ds,$groupDn,$del_info)) {
+ $_alert[] = 'message:insufficient_access:del:'.$attr;
+ }
+ }
+
+ } else {
+// $_alert[] = 'message:insufficient_access:'.$attr;
+ }
+ } // foreach
+
+ ldap_close($ds);
+ if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
+ else for ($i=0;$i<count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
+
+ }
+
+ function getLDAPaccounts($toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Keresés
+ $attrList = array('cn','uid');
+// $filter = '(objectclass=mayorPerson)';
+ $filter = '(objectclass=posixAccount)';
+ $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $attrList);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
+ ldap_close($ds);
+ return false;
+ }
+
+ ldap_sort($ds, $sr, 'cn');
+ $info = @ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ return $info;
+
+ }
+
+
+?>
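Review bot: The default-rights branch assigns to `$rigths` (typo) in ldapChangeAccountInfo() and again in ldapChangeGroupInfo(), so an attribute with no `rights` entry never receives `_DEFAULT_LDAP_RIGHTS`. `$rights` keeps the value from the previous loop iteration instead, which means an attribute can become writable for a role only because the attribute processed before it was. The line should read `if (empty($backendAttrDef[$attr]['rights'])) $rights = _DEFAULT_LDAP_RIGHTS;`. `$_alert = array();` is also reset inside the loop, so only the last attribute's failures reach `$_SESSION['alert']`; initialise it once before the `foreach`.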
diff --git a/mayor-orig/www/include/backend/ldap/session/base.php b/mayor-orig/www/include/backend/ldap/session/base.php
new file mode 100644
index 00000000..b8529cc2
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap/session/base.php
@@ -0,0 +1,255 @@
+<?php
+/*
+ Module: base/session
+ Backend: ldap
+
+ function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY)
+ function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY)
+
+*/
+
+ require('include/backend/ldap/base/attrs.php');
+ require('include/backend/ldap/base/str.php');
+
+ ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+ if ($AUTH[_POLICY]['backend'] == 'ldap') {
+ /* why not put into session cache */
+ if ($AUTH[_POLICY]['cacheable']=='yes') {
+ $userDn = _queryCache('RDN',_POLICY,'value');
+ }
+ if (!isset($userDn)) $userDn = LDAPuserAccountToDn();
+ define('_USERDN', $userDn);
+ if ($AUTH[_POLICY]['cacheable']=='yes') _registerToCache('RDN',$userDn,_POLICY);
+ unset($userDn);
+ }
+
+######################################################
+# A _USERACCOUNT(uid)-hoz tartozó dn lekérdezése
+######################################################
+
+ function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás a szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ return false;
+ }
+
+ // Van-e adott azonosítójú felhasználó?
+ $filter="(&(uid=$userAccount)(objectClass=posixAccount))";
+ $justthese=array('cn');
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure";
+ ldap_close($ds);
+ return false;
+ }
+ $info=ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ if ( $info['count'] === 0 ) {
+ // Nincs ilyen userAccount (uid)
+ $_SESSION['alert'][] = "message:no_account:$userAccount";
+ return false;
+ } elseif ( $info['count'] > 1 ) {
+ // Több ilyen uid is van
+ $_SESSION['alert'][] = "message:multi_uid:$userAccount";
+ return false;
+ }
+
+ if ($info['count']==1) { // Van - egy - ilyen felhasználó
+ return $info[0]['dn'];
+ }
+
+ }
+
+
+######################################################
+# A groupCn(cn)-hez tartozó dn lekérdezése
+######################################################
+
+ function LDAPgroupCnToDn($groupCn, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás a szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ return false;
+ }
+
+ // Van-e adott azonosítójú felhasználó?
+ $filter="(&(cn=$groupCn)(objectClass=posixGroup))";
+ $justthese=array('cn');
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure";
+ ldap_close($ds);
+ return false;
+ }
+ $info=ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ if ( $info['count'] === 0 ) {
+ // Nincs ilyen groupCn (cn) - hibaüzenet csak akkor, ha nem kategóriáról van szó...
+ if (!in_array($groupCn, array_map('ekezettelen', $AUTH[$toPolicy]['categories']))) $_SESSION['alert'][] = "message:no_group:$groupCn";
+ return false;
+ } elseif ( $info['count'] > 1 ) {
+ // Több ilyen cn is van
+ $_SESSION['alert'][] = "message:multi_gid:$groupCn";
+ return false;
+ }
+
+ if ($info['count']==1) { // Van - egy - ilyen csoport
+ return $info[0]['dn'];
+ }
+
+ }
+
+
+
+######################################################
+# memberOf - csoport tag-e
+######################################################
+
+ function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY) {
+
+ global $AUTH, $LDAP2Mayor;
+
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+ if (in_array($group, $AUTH[$toPolicy]['categories'])) {
+ if (strpos($userDn, ',ou='.ekezettelen($group).',') !== false) return true;
+# Ha nincs megfelelő ou-ban, akkor nézzük a csoport tagságot - így berakható időszakosan akárki pl a titkárság kategóriába...
+# else return false;
+ }
+
+ if (substr($group,0,3) != 'cn=') {
+ $groupDn = LDAPgroupCnToDn(ekezettelen($group));
+ if (!$groupDn) return false; // Ha nincs ilyen csoport az LDAP fában
+ } else {
+ $groupDn = $group;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $justthese = array('cn'); // valamit le kell kérdezni...
+/* $filter = "(& (objectClass=mayorGroup)
+ (member=$userDn)
+ )";
+*/
+ $filter = "(& (objectClass=posixGroup)
+ (memberUid=$userAccount)
+ )";
+ $sr = @ldap_search($ds, $groupDn, $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = ldap_get_entries($ds, $sr);
+ ldap_close($ds);
+
+ if ($info['count'] > 0) {
+ return true;
+ } else {
+ return false;
+ }
+
+ }
+
+######################################################
+# LDAPcreateContainer - tároló létrehozása
+######################################################
+
+ function LDAPcreateContainer($containerDn, $toPolicy) {
+
+ global $AUTH;
+
+ $pos = strpos($containerDn, ',ou=');
+ $container = substr($containerDn, 3, $pos-3);
+ $rdn = substr($containerDn, $pos+1);
+ $cat = substr($containerDn, 3, strlen($containerDn)-4-strlen($AUTH[$toPolicy]['ldap base dn']));
+
+ error_reporting(1);
+
+ // Kapcsolódás a szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ return false;
+ }
+
+ // OU létrehozása
+ $info['ou'][0] = $container;
+ $info['objectclass'][0] = 'organizationalUnit';
+ $info['description'][0] = $container;
+
+ $_r1 = ldap_add($ds, $containerDn, $info);
+ if (!$_r1) {
+// $_SESSION['alert'][] = 'message:ldap_add_failure:'.$containerDn;
+ return false;
+// printf("LDAP-Error: %s<br>\n", ldap_error($ds));
+// echo '<pre>'; var_dump($info); echo '</pre>';
+ }
+
+ // az OU-hoz tartozó csoportok OU-ja
+ $info['ou'][0] = 'Groups';
+ $info['objectclass'][0] = 'organizationalUnit';
+ $info['description'][0] = "$container csoportjai";
+
+ $containerDn = "ou=Groups,$containerDn";
+ $_r1 = ldap_add($ds, $containerDn, $info);
+ if (!$_r1) {
+ printf("LDAP-Error: %s<br>\n", ldap_error($ds));
+ echo '<pre>'; var_dump($info); echo '</pre>';
+ }
+
+ // Az osztály csoport létrehozása
+ require_once('include/modules/session/createGroup.php');
+ createGroup($container, "$container csoport", "$cat", $toPolicy);
+
+ ldap_close($ds);
+
+ }
+
+?>
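Review bot: `$userAccount` and `$groupCn` are interpolated into LDAP search filters unescaped in LDAPuserAccountToDn(), LDAPgroupCnToDn() and ldapMemberOf(), so filter metacharacters in a name change the query that is run. That matters if these values come from a login or request form, because the results feed the bind DN and the group-membership decision. Escape the value first, e.g. `$filter = '(&(uid=' . ldap_escape($userAccount, '', LDAP_ESCAPE_FILTER) . ')(objectClass=posixAccount))';`, and do the same for the `cn=` and `memberUid=` filters. The two DN lookups and LDAPcreateContainer() also return on bind failure without `ldap_close($ds)`.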
diff --git a/mayor-orig/www/include/backend/ldap/session/createAccount.php b/mayor-orig/www/include/backend/ldap/session/createAccount.php
new file mode 100644
index 00000000..79f40530
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap/session/createAccount.php
@@ -0,0 +1,204 @@
+<?php
+/*
+ Modules: base/session
+
+ UNTESTED!!!!
+*/
+
+ function ldapCreateAccount(
+ $userCn, $userAccount, $userPassword, $toPolicy, $SET
+ ) {
+
+ global $AUTH;
+
+ $category = ekezettelen($SET['category']);
+ $shadowLastChange = floor(time() / (60*60*24));
+
+ // $toPolicy --> ldap backend - ellenőrzés!
+ if ($AUTH[$toPolicy]['backend'] != 'ldap') {
+ $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = $groupinfo = $oinfo = Array();
+
+ // uid ütközés ellenőrzése
+ $filter = "(uid=$userAccount)";
+ $justthese = array('uid');
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese);
+ $uinfo = ldap_get_entries($ds, $sr);
+ $uidCount = $uinfo['count'];
+ ldap_free_result($sr);
+ if ($uidCount > 0) {
+ $_SESSION['alert'][] = 'message:multi_uid:'.$userAccount;
+ return false;
+ }
+
+ // Az következő uidNumber megállapítása
+ $filter = '(objectClass=mayorOrganization)';
+ $justthese = array('nextuid', 'freeuid');
+ $sr = ldap_search($ds,$AUTH[$toPolicy]['ldap base dn'], $filter, $justthese);
+ $uidinfo = ldap_get_entries($ds,$sr);
+ ldap_free_result($sr);
+ if (isset($uidinfo[0]['freeuid']['count'])) $freeUidCount = $uidinfo[0]['freeuid']['count'];
+ else $freeUidCount = 0;
+ if ($freeUidCount == 0) {
+ $info['uidnumber'] = array($uidinfo[0]['nextuid'][0]);
+ $info['gidnumber'] = $info['uidnumber'];
+ $oinfo['nextuid'] = $info['uidnumber'][0]+1;
+ } else {
+ $info['uidnumber'] = array($uidinfo[0]['freeuid'][$freeUidCount-1]);
+ $info['gidnumber'] = $info['uidnumber'];
+ $oinfo['freeuid'] = $uidinfo[0]['freeuid'][$freeUidCount-1];
+ }
+
+ // shadow attributumok...
+ // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '')
+ $info['shadowlastchange'] = $shadowLastChange;
+ if (isset($AUTH[$toPolicy]['shadowmin']) && $AUTH[$toPolicy]['shadowmin'] != '') $info['shadowmin'] = $AUTH[$toPolicy]['shadowmin'];
+ if (isset($AUTH[$toPolicy]['shadowmax']) && $AUTH[$toPolicy]['shadowmax'] != '') $info['shadowmax'] = $AUTH[$toPolicy]['shadowmax'];
+ if (isset($AUTH[$toPolicy]['shadowwarning']) && $AUTH[$toPolicy]['shadowwarning'] != '') $info['shadowwarning'] = $AUTH[$toPolicy]['shadowwarning'];
+ if (isset($AUTH[$toPolicy]['shadowinactive']) && $AUTH[$toPolicy]['shadowinactive'] != '') $info['shadowinactive'] = $AUTH[$toPolicy]['shadowinactive'];
+ if (isset($AUTH[$toPolicy]['shadowexpire']) && $AUTH[$toPolicy]['shadowexpire'] != '') $info['shadowexpire'] = $AUTH[$toPolicy]['shadowexpire'];
+
+ // A szokásos attribútumok
+ $info['uid'] = array($userAccount);
+ $info['cn'] = array($userCn);
+ $info['sn'] = array('-');
+ $info['userpassword'] = array('{crypt}' . crypt($userPassword));
+ if (is_array($SET['policyAttrs'])) foreach ($SET['policyAttrs'] as $attr => $value) $info[kisbetus($attr)] = $value;
+ if (($pos = strpos($category,',')) !== false)
+ $info['homedirectory'] = "/home/diak/".substr($category,0,$pos)."/$userAccount";
+ else
+ $info['homedirectory'] = "/home/$category/$userAccount";
+
+ // A kategória függő attribútumok
+ if (isset($SET['container']) && $SET['container'] != '') {
+ $dn = "uid=$userAccount,".$SET['container'];
+ $group = "cn=$userAccount,ou=Groups,".$SET['container'];
+ $ouDn = $SET['container'];
+ } else {
+ $dn = "uid=$userAccount,ou=".$category.','.$AUTH[$toPolicy]['ldap base dn'];
+ $group = "cn=$userAccount,ou=Groups,ou=".$category.','.$AUTH[$toPolicy]['ldap base dn'];
+ $ouDn = "ou=".$category.",".$AUTH[$toPolicy]['ldap base dn'];
+ }
+
+ if ($SET['createContainer']) { // Létrehozza a tároló elemet, benne az OU=Groups tárolót, benne a megfelelő csoportot
+ LDAPcreateContainer($ouDn, $toPolicy);
+ }
+ // objectum osztályok
+ // a mayorPerson a posixAccount és shadowAccount leszármazottja,
+ // de kell egy structural object is - ez a person - aminek kötelező paramétere az sn!
+ $info['objectclass'] = array('person', 'mayorPerson');
+
+ // user felvétel
+ $info['homedirectory'] = ekezettelen($info['homedirectory']); // Nem lehet ékezetes :o(
+
+ $_r1 = ldap_add($ds,$dn,$info);
+ if (!$_r1) {
+ printf("LDAP-Error: %s<br>\n", ldap_error($ds));
+ echo $dn.'<pre>'; var_dump($info); echo '</pre>';
+ return false;
+ }
+
+ // user csoportja
+ $groupinfo['cn'] = $userAccount;
+ $groupinfo['gidnumber'] = $info['uidnumber'];
+ $groupinfo['memberuid'] = ekezettelen($userAccount); // Nem lehet ékezetes :o(
+ $groupinfo['description'] = 'A felhasználó saját csoportja';
+ $groupinfo['objectclass'] = 'posixGroup';
+ $_r2 = ldap_add($ds, $group, $groupinfo);
+ if (!$_r2) {
+ printf("LDAP-Error (userGroup): %s<br>\n", ldap_error($ds));
+ echo $group.'<pre>'; var_dump($groupinfo); echo '</pre>';
+ return false;
+ }
+
+ // Kategória csoportba rakás vagy tanár csoportba rakás ugye...
+ // És nincs diák csoport!
+ $ginfo['memberuid'] = ekezettelen($userAccount); // Nem lehet ékezetes :o(
+ $ginfo['member'] = $dn;
+
+ // Kategória csoportba és egyéb csoportokba rakás
+ if (isset($SET['category'])) {
+ if (is_array($SET['groups'])) array_unshift($SET['groups'], $category);
+ else $SET['groups'] = array($category);
+
+ for ($i = 0; $i < count($SET['groups']); $i++) {
+
+ $filter = "(&(objectClass=mayorGroup)(cn=".$SET['groups'][$i]."))";
+ $justthese = array('cn');
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese);
+ if (ldap_count_entries($ds, $sr)) {
+ $grpInfo = ldap_get_entries($ds, $sr);
+ $groupDn = $grpInfo[0]['dn'];
+ $_r3 = ldap_mod_add($ds, $groupDn, $ginfo);
+ if (!$_r3) {
+ printf("LDAP-Error (category): %s<br>\n", ldap_error($ds));
+ echo $groupDn.'<pre>'; var_dump($ginfo); echo '</pre>';
+ }
+ }
+
+ }
+
+ }
+
+
+ // nextuid növelés
+ if ($freeUidCount == 0) {
+ $_r4 = ldap_mod_replace($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo);
+ } else {
+ $_r4 = ldap_mod_del($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo);
+ }
+ if (!$_r4) {
+ printf("LDAP-Error (freeUid): %s<br>\n", ldap_error($ds));
+ return false;
+ }
+
+ ldap_close($ds);
+
+ if (defined('_DATADIR')
+ && isset($AUTH[$toPolicy]['createAccountScript'])
+ && file_exists(_DATADIR)
+ ) {
+ $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['createAccountScript'],'a+');
+ if ($sfp) {
+ fwrite($sfp,"\n# $userAccount l.trehoz.sa\n");
+ fwrite($sfp,'/bin/mkdir -p '.$info['homedirectory']."\n");
+ fwrite($sfp,'/bin/chmod 2755 '.$info['homedirectory']."\n");
+ fwrite($sfp,"/bin/chown $userAccount.$userAccount ".$info['homedirectory']."\n");
+
+ fwrite($sfp,'/bin/mkdir '.$info['homedirectory']."/private\n");
+ fwrite($sfp,"/bin/chown $userAccount.$userAccount ".$info['homedirectory']."/private\n");
+ fwrite($sfp,'/bin/chmod 0770 '.$info['homedirectory']."/private\n");
+
+ fwrite($sfp,'/bin/mkdir '.$info['homedirectory']."/public_html\n");
+ fwrite($sfp,"/bin/chown $userAccount.$userAccount ".$info['homedirectory']."/public_html\n");
+ fwrite($sfp,'/bin/chmod 0755 '.$info['homedirectory']."/public_html\n");
+
+ fwrite($sfp,'/bin/ln -s '.$info['homedirectory']." /home\n");
+// chmod($scriptFile,0770);
+ fclose($sfp);
+ }
+ }
+ $_SESSION['alert'][] = 'info:create_uid_success:'.$dn;
+ return true;
+
+ }
+
+?>
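Review bot: `$userAccount` reaches three sinks in `ldapCreateAccount` without any escaping: the search filter `(uid=$userAccount)` (and the `cn=` filter built from `$SET['groups']`), the entry DN `uid=$userAccount,…`, and the command lines appended to `createAccountScript`. For the directory calls the value should pass through `ldap_escape($userAccount, '', LDAP_ESCAPE_FILTER)` in filters and `ldap_escape($userAccount, '', LDAP_ESCAPE_DN)` in DNs where that function is available (PHP 5.6+); the same filter interpolation recurs in createGroup.php (`cn=$groupCn`), searchAccount.php (`$attr=*$pattern*`, `memberuid=$uid`) and ldapng/auth/login.php (`=$userAccount`). The script lines matter most if that file is later run by a privileged job, which is not visible here: an account name or category containing shell metacharacters or a line break would become part of a command, so every value should be quoted with `escapeshellarg()` and the comment line stripped of line breaks, as below.

```php
    if ($sfp) {
        // Quote each value once so it stays a single shell word in the queued script.
        $home = escapeshellarg($info['homedirectory']);
        $private = escapeshellarg($info['homedirectory'].'/private');
        $public = escapeshellarg($info['homedirectory'].'/public_html');
        $owner = escapeshellarg("$userAccount.$userAccount");
        // A line break in the account name would otherwise end the comment line.
        fwrite($sfp, "\n# ".str_replace(array("\r", "\n"), ' ', $userAccount)." l.trehoz.sa\n");
        fwrite($sfp, "/bin/mkdir -p $home\n");
        fwrite($sfp, "/bin/chmod 2755 $home\n");
        fwrite($sfp, "/bin/chown $owner $home\n");
        // … same order as before: mkdir/chown/chmod for private and public_html, using $private and $public …
        fwrite($sfp, "/bin/ln -s $home /home\n");
```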
diff --git a/mayor-orig/www/include/backend/ldap/session/createGroup.php b/mayor-orig/www/include/backend/ldap/session/createGroup.php
new file mode 100644
index 00000000..df2de812
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap/session/createGroup.php
@@ -0,0 +1,103 @@
+<?php
+/*
+ Modules: base/session
+*/
+
+ function ldapCreateGroup($groupCn, $groupDesc, $toPolicy = _POLICY, $SET) {
+
+ global $AUTH;
+ $category = ekezettelen($SET['category']);
+
+ // $toPolicy --> ldap backend - ellenőrzés!
+ if ($AUTH[$toPolicy]['backend'] != 'ldap') {
+ $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = $groupinfo = $oinfo = Array();
+
+ // cn ütközés ellenőrzése
+ $filter = "(&(objectclass=posixgroup)(cn=$groupCn))";
+ $justthese = array('cn');
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese);
+ $ginfo = ldap_get_entries($ds, $sr);
+ $gCount = $ginfo['count'];
+ ldap_free_result($sr);
+ if ($gCount > 0) {
+ $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn;
+ return false;
+ }
+
+ // Az következő gidNumber megállapítása
+ $filter = '(objectClass=mayorOrganization)';
+ $justthese = array('nextgid', 'freegid');
+ $sr = ldap_search($ds,$AUTH[$toPolicy]['ldap base dn'], $filter, $justthese);
+ $ginfo = ldap_get_entries($ds,$sr);
+ ldap_free_result($sr);
+ if (isset($ginfo[0]['freegid']['count'])) $freeGidCount = $ginfo[0]['freegid']['count'];
+ else $freeGidCount = 0;
+ if ($freeGidCount == 0) {
+ $info['gidnumber'] = array($ginfo[0]['nextgid'][0]);
+ $oinfo['nextgid'] = $info['gidnumber'][0]+1;
+ } else {
+ $info['gidnumber'] = array($ginfo[0]['freegid'][$freeGidCount-1]);
+ $oinfo['freegid'] = $ginfo[0]['freegid'][$freeGidCount-1];
+ }
+
+ // A szokásos attribútumok
+ $info['cn'] = array($groupCn);
+ $info['description'] = array($groupDesc);
+
+ // A kategória függő attribútumok
+ if (isset($SET['container'])) $dn = "cn=$groupCn,".$SET['container'];
+ else $dn = "cn=$groupCn,ou=Groups,ou=$category,".$AUTH[$toPolicy]['ldap base dn'];
+
+ // objectum osztályok
+ $info['objectclass'] = array('posixGroup', 'mayorGroup');
+
+ // Policy függő attribútumok - LDAP esetén pl a member kötelező
+ if (is_array($SET['policyAttrs'])) foreach ($SET['policyAttrs'] as $attr => $value) $info[kisbetus($attr)] = $value;
+
+ // csoport felvétel
+ $_r1 = ldap_add($ds,$dn,$info);
+ if (!$_r1) {
+ printf("LDAP-Error: %s<br>\n", ldap_error($ds));
+ echo $dn.'<hr>';
+ var_dump($info);
+ echo '<hr>';
+ var_dump($SET);
+ }
+
+ // nextuid növelés
+ if ($freeGidCount == 0) {
+ $_r4 = ldap_mod_replace($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo);
+ } else {
+ $_r4 = ldap_mod_del($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo);
+ }
+// if (!$_r4) {
+// printf("LDAP-Error: %s<br>\n", ldap_error($_r4));
+// }
+
+ ldap_close($ds);
+
+ $_SESSION['alert'][] = 'info:create_group_success:'.$dn;
+ return true;
+
+ }
+
+?>
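Review bot: When `ldap_add` fails in `ldapCreateGroup`, the function prints `$dn`, `$info` and the whole `$SET` array into the page, then still advances `nextgid` (or removes the `freegid` value) and returns `true` with `info:create_group_success`. A caller therefore cannot tell a failed creation from a successful one, a gid is consumed for a group that does not exist, and directory internals are shown to whoever triggered the request. The failure branch should record the error and stop, for example `$_SESSION['alert'][] = 'message:ldap_add_failure:'.$dn; ldap_close($ds); return false;`, with the details going to `error_log()` instead of `var_dump`. The result of the following `ldap_mod_replace`/`ldap_mod_del` is likewise ignored because its check is commented out.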
diff --git a/mayor-orig/www/include/backend/ldap/session/search/searchAccount.php b/mayor-orig/www/include/backend/ldap/session/search/searchAccount.php
new file mode 100644
index 00000000..62e19c5f
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap/session/search/searchAccount.php
@@ -0,0 +1,311 @@
+<?php
+/*
+ Module: base/session
+ Backend: ldap
+
+ ! -- Csak publikus mezőkre lehet keresni! -- !
+ function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)')
+ function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn'))
+ function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = '') {
+
+*/
+
+######################################################
+# Általános LDAP kereső függvény
+######################################################
+
+ function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)', $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ if ($pattern == '') {
+ $_SESSION['alert'][] = 'message:empty_field';
+ return false;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Keresés
+ $filter = "(&$filter($attr=*$pattern*))";
+ $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $searchAttrs);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = @ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ return $info;
+
+ }
+
+######################################################
+# ldapSearchAccount - felhasználó kereső függvény
+######################################################
+
+ function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) {
+
+ global $accountAttrToLDAP;
+
+ // A keresendő attribútum konvertálása LDAP attribútummá
+ if ($accountAttrToLDAP[ $attr ] != '') $attrLDAP = $accountAttrToLDAP[ $attr ];
+ else $attrLDAP = $attr;
+ if ($attrLDAP == 'dn') $attrLDAP = 'uid'; // dn-re nem megy a keresés!!
+
+ // A lekérendő attribútumok konvertálása LDAP attribútummá
+ for ($i = 0; $i < count($searchAttrs); $i++) {
+ if ($accountAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $accountAttrToLDAP[ $searchAttrs[$i] ];
+ else $searchAttrsLDAP[$i] = $searchAttrs[$i];
+ }
+
+ $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass=posixaccount)', $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // LDAP schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ $result[$i]['dn'] = $return[$i]['userAccount'] = array('count' => 1, 0 => $result[$i]['dn']);
+ for ($j = 0; $j < count($searchAttrs); $j++) {
+ $a = $searchAttrs[$j];
+ if (isset($result[$i][ $accountAttrToLDAP[$a] ])) {
+ if ($accountAttrToLDAP[$a] != '') $return[$i][$a] = $result[$i][ $accountAttrToLDAP[$a] ];
+ else $return[$i][$a] = $result[$i][$a];
+ } else {
+ $return[$i][$a] = array('count' => 0) ;
+ }
+ }
+ $return[$i]['category'] = getAccountCategories($result[$i]['uid'][0], $toPolicy);
+ $return[$i]['category']['count'] = count($return[$i]['category']);
+ }
+ $return['count'] = $result['count'];
+
+ return $return;
+
+ }
+
+ }
+
+######################################################
+# ldapSearchGroup - csoport kereső függvény
+######################################################
+
+ function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = _POLICY) {
+
+ global $groupAttrToLDAP;
+
+ // A keresendő attribútum konvertálása LDAP attribútummá
+ if ($groupAttrToLDAP[ $attr ] != '') $attrLDAP = $groupAttrToLDAP[ $attr ];
+ else $attrLDAP = $attr;
+ if ($attrLDAP == 'dn') $attrLDAP = 'cn'; // dn-re nem megy a keresés!!
+
+ // A lekérendő adtibútumok konvertálása LDAP attribútummá
+ for ($i = 0; $i < count($searchAttrs); $i++) {
+ if ($groupAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $groupAttrToLDAP[ $searchAttrs[$i] ];
+ else $searchAttrsLDAP[$i] = $searchAttrs[$i];
+ }
+
+ $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass=posixgroup)', $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // LDAP schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ $result[$i]['dn'] = $return[$i]['groupCn'] = array('count' => 1, 0 => $result[$i]['dn']);
+ for ($j = 0; $j < count($searchAttrs); $j++) {
+ $a = $searchAttrs[$j];
+ if (!isset($groupAttrToLDAP[$a]) || $groupAttrToLDAP[$a] != '') {
+ if (isset($result[$i][ $groupAttrToLDAP[$a] ])) $return[$i][$a] = $result[$i][ $groupAttrToLDAP[$a] ];
+ else $return[$i][$a] = '';
+ } else {
+ $return[$i][$a] = $result[$i][$a];
+ }
+ }
+ }
+ $return['count'] = $result['count'];
+
+ return $return;
+
+ }
+
+ }
+
+######################################################
+# ldapDeleteAccount - account törlése
+######################################################
+
+ function ldapDeleteAccount($userAccount, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+
+ // $toPolicy --> ldap backend - ellenőrzés
+ if ($AUTH[$toPolicy]['backend'] != 'ldap') {
+ $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Az uidNumber, a homeDirectory lekerdezése
+ $filter = "(objectclass=posixAccount)";
+ $justthese = array('uidNumber','homedirectory');
+ $sr = @ldap_search($ds,$userDn,$filter,$justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
+ ldap_close($ds);
+ return false;
+ } ;
+
+ $uidinfo = @ldap_get_entries($ds,$sr);
+ $uidNumber = $uidinfo[0]['uidnumber'][0];
+ if (isset($uidinfo[0]['homedirectory'][0])) $homeDirectory = $uidinfo[0]['homedirectory'][0];
+ else $homeDirectory = '';
+ $uid=$userAccount;
+
+ // GroupDn, freeuid
+ $groupDn = "cn=$uid,ou=Groups".strstr($userDn,',');
+ $oinfo['freeuid'] = $uidNumber;
+
+ // user törlése
+ if (!@ldap_delete($ds,$userDn)) {
+ $_SESSION['alert'][] = 'message:ldap_delete_failure:user:'.$userAccount;
+ }
+
+ // freeuid felvétele
+ if (!@ldap_mod_add($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo)) {
+ $_SESSION['alert'][] = 'message:ldap_modify_failure:freeuid:'.$oinfo['freeuid'];
+ }
+
+ // csoport törlése
+ if (!@ldap_delete($ds,$groupDn)) {
+ $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupDn;
+ }
+
+ // törlés a csoportból
+ $filter = "(memberuid=$uid)";
+ $justthese = array('cn','objectclass','member');
+ $sr = @ldap_search($ds,$AUTH[$toPolicy]['ldap base dn'],$filter,$justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:groups:".$userAccount;
+ ldap_close($ds);
+ return false;
+ } ;
+
+ $groupinfo = ldap_get_entries($ds,$sr);
+
+ for ($i = 0; $i < $groupinfo['count']; $i++) {
+ $grpinfo = array('memberuid' => $uid);
+ if (@in_array($userDn,$groupinfo[$i]['member'])) {
+ $grpinfo['member']=$userDn;
+ }
+ if (!@ldap_mod_del($ds,$groupinfo[$i]['dn'],$grpinfo)) {
+ $_SESSION['alert'][] = 'message:ldap_delete_failure:member:'.$groupinfo[$i]['dn'];
+ }
+ }
+
+ ldap_close($ds);
+
+ $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn;
+ return true;
+
+ }
+
+######################################################
+# ldapDeleteGroup - account törlése
+######################################################
+
+ function ldapDeleteGroup($groupCn, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
+
+ // $toPolicy --> ldap backend - ellenőrzés
+ if ($AUTH[$toPolicy]['backend'] != 'ldap') {
+ $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Az uidNumber, a homeDirectory lekerdezése
+ $filter = '(objectclass=posixGroup)';
+ $justthese = array('gidNumber');
+ $sr = @ldap_search($ds, $groupDn, $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = 'message:ldap_search_failure:'.$userDn;
+ ldap_close($ds);
+ return false;
+ } ;
+
+ $gidinfo = ldap_get_entries($ds, $sr);
+ $gidNumber = $gidinfo[0]['gidnumber'][0];
+
+ // freeGid
+ $oinfo['freegid'] = $gidNumber;
+
+ if (!@ldap_delete($ds, $groupDn)) {
+ $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupCn;
+ }
+
+ // freeuid felvétele
+ if (!@ldap_mod_add($ds, $AUTH[$toPolicy]['ldap base dn'], $oinfo)) {
+ $_SESSION['alert'][] = 'message:ldap_modify_failure:freeGid:'.$oinfo['freegid'];
+ }
+
+ ldap_close($ds);
+
+ $_SESSION['alert'][] = 'info:delete_group_success:'.$groupCn;
+ return true;
+
+ }
+
+
+
+?>
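Review bot: `ldapDeleteAccount` adds the account's `uidNumber` to `freeuid` even when `ldap_delete` on `$userDn` has just failed, and still ends with `info:delete_uid_success` and `return true`. Since createAccount.php hands out `freeuid` values first, the next new account could receive the uid/gid number of an entry that still exists (this follows from the two files as shown; whether other cleanup prevents it is not visible). The delete branch should stop there, e.g. `ldap_close($ds); return false;` after setting the alert, and `ldapDeleteGroup` needs the same for `freegid`. In `ldapDeleteGroup` the search-failure alert also concatenates `$userDn`, which is never assigned in that function; `$groupDn` was presumably meant. Neither function checks that the search returned an entry before reading `[0]['uidnumber'][0]` or `[0]['gidnumber'][0]`.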
diff --git a/mayor-orig/www/include/backend/ldapng/auth/login.php b/mayor-orig/www/include/backend/ldapng/auth/login.php
new file mode 100644
index 00000000..b24b4b96
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldapng/auth/login.php
@@ -0,0 +1,163 @@
+<?php
+/*
+ Auth-ldapng
+
+ A név-jelszó pár ellenőrzése LDAP adatbázis alapján
+*/
+
+/* --------------------------------------------------------------
+
+ Felhasználók azonosítása az LDAP-ban tárolt konfigurálható
+ osztályok alapján történik.
+
+ A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE
+ konstansok valamelyikével tér vissza. (include/modules/auth/base/config.php)
+
+ Sikeres hitelesítés esetén
+ az egyéb account információkat (minimálisan a 'cn', azaz 'common name'
+ attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el.
+
+ Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az
+ elutasítás okát (ldap_connect_failure, ldap_bind_failure, ldap_search_failure, no_account, multi_uid,
+ account_disabled, bad_pw, account_warning, account_expired, warn_account_disable.
+
+-------------------------------------------------------------- */
+
+######################################################################
+# Az LDAP protocol version 3 kötelező,
+# referals=0 nélkül használhatatlanul lassú
+######################################################################
+
+ ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0);
+
+
+ function ldapngUserAuthentication($userAccount, $userPassword, &$accountInformation, $toPolicy) {
+
+ global $AUTH;
+
+ if ($toPolicy == '') {
+ if ($accountInformation['policy'] != '') $toPolicy = $accountInformation['policy'];
+// elseif ($_REQUEST['toPolicy'] != '') $toPolicy = $_REQUEST['toPolicy'];
+ else $toPolicy = _POLICY;
+ }
+
+ // Kapcsolódás a szerverhez
+ $ds = ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return _AUTH_FAILURE;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure:userAuthentication:'.$AUTH[$toPolicy]['ldapUser'];
+ return _AUTH_FAILURE;
+ }
+
+ // Van-e adott azonosítójú felhasználó?
+ $filter="(&(".$AUTH[$toPolicy]['ldapUserAccountAttr']."=$userAccount)(objectClass=".$AUTH[$toPolicy]['ldapUserObjectClass']."))";
+ $justthese = array("sn",$AUTH[$toPolicy]['ldapCnAttr'],$AUTH[$toPolicy]['ldapStudyIdAttr'],"shadowexpire","shadowwarning","shadowinactive","shadowlastchange","shadowmax");
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure";
+ ldap_close($ds);
+ return _AUTH_FAILURE;
+ }
+ $info = ldap_get_entries($ds,$sr);
+
+ if ( $info['count'] === 0 || is_null($info)) { // http://bugs.php.net/50185 ha nincs megfelelő elem, akkor - hibásan - null-al tér vissza! (~ PHP 5.2.10)
+ // Nincs ilyen userAccount (uid)
+ $_SESSION['alert'][] = "message:no_account:$userAccount";
+ ldap_close($ds);
+ return _AUTH_FAILURE_1;
+ }
+
+ if ( $info['count'] > 1 ) {
+ // Több ilyen uid is van
+ $_SESSION['alert'][] = "message:multi_uid";
+ ldap_close($ds);
+ return _AUTH_FAILURE_2;
+ }
+
+ if ($info['count']==1) { // Van - egy - ilyen felhasználó
+
+
+ $accountInformation['cn'] = $info[0][ $AUTH[$toPolicy]['ldapCnAttr'] ][0];
+ $accountInformation['studyId'] = $info[0][ $AUTH[$toPolicy]['ldapStudyIdAttr'] ][0];
+
+ $accountInformation['dn'] = $info[0]['dn'];
+ $accountInformation['account'] = $userAccount;
+ // Lejárt-e
+ // A lejárat ideje a shadowExpire és shadowLastChange+shadowMax kötül a kisebbik
+ if ($info[0]['pwdlastset'][0] != '') { // A pwdLastSet és shadowLastChange közül a kisebbiket használjuk
+// if ($info[0]['shadowlastchange'][0] != '')
+// $info[0]['shadowlastchange'][0] = min(pwdLastSet2shadowLastChange($info[0]['pwdlastset'][0]), $info[0]['shadowlastchange'][0]);
+// else
+ $info[0]['shadowlastchange'][0] = pwdLastSet2shadowLastChange($info[0]['pwdlastset'][0]);
+ }
+ if ($info[0]['accountexpires'][0] != '') { // Az accountExpires és a shadowExpire közül a kisebbiket használjuk
+// if ($info[0]['shadowexpire'][0] != '')
+// $info[0]['shadowexpire'][0] = min(pwdLastSet2shadowLastChange($info[0]['accountexpires'][0]), $info[0]['shadowexpire'][0]);
+// else
+ $info[0]['shadowexpire'][0] = pwdLastSet2shadowLastChange($info[0]['accountexpires'][0]);
+ }
+ if ($info[0]['shadowexpire'][0] != '') $expireTimestamp = $info[0]['shadowexpire'][0];
+ if (
+ $info[0]['shadowmax'][0] != '' &&
+ (
+ !isset($expireTimestamp) ||
+ $expireTimestamp > $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0]
+ )
+ ) $expireTimestamp = $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0];
+ // lejárt, ha lejárat ideje már elmúlt
+ $accountExpired = (isset($expireTimestamp) && ($expireTimestamp <= floor(time()/(60*60*24))));
+
+ // Le van-e tiltva
+ // Ha több mint shadowInactive napja lejárt
+ if ( // onDisabled: none | refuse
+ $AUTH[$toPolicy]['onDisabled'] == 'refuse' &&
+ isset($expireTimestamp) &&
+ $expireTimestamp + $info[0]['shadowinactive'][0] <= floor(time()/(60*60*24))
+ ) {
+ // Le van tiltva
+ $_SESSION['alert'][] = 'message:account_disabled';
+ ldap_close($ds);
+ return _AUTH_FAILURE_4;
+ } // onDisabled
+
+ // Jelszó ellenőrzés - lehet-e csatlakozni
+ if (!@ldap_bind($ds, $accountInformation['dn'], $userPassword)) {
+ $_SESSION['alert'][] = 'message:bad_pw';
+ return _AUTH_FAILURE_3;
+ }
+
+ ldap_close($ds);
+ // Lejárt-e az azonosító
+ if ($AUTH[$toPolicy]['onExpired'] != 'none' && isset($expireTimestamp)) { // onExpired: none | warning | force update
+ // Lejárt-e
+ $pwLejar = $expireTimestamp - floor(time()/(60*60*24));
+ if (0 < $pwLejar && $pwLejar < $info[0]['shadowwarning'][0]) {
+ $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar;
+ return _AUTH_SUCCESS;
+ } elseif ($pwLejar <= 0) {
+ $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar);
+ if ($AUTH[$toPolicy]['onDisabled'] == 'refuse') $_SESSION['alert'][] = 'info:warn_account_disable:'.($info[0]['shadowinactive'][0]+$pwLejar);
+ if ($AUTH[$toPolicy]['onExpired'] == 'warning') {
+ return _AUTH_SUCCESS;
+ } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') {
+ return _AUTH_EXPIRED;
+ } else {
+ return _AUTH_FAILURE;
+ }
+ }
+ } // onExpired
+ // Ha idáig eljut, akkor minden rendben.
+ return _AUTH_SUCCESS;
+
+ } // count == 1
+
+ }
+
+?>
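Review bot: The password check `ldap_bind($ds, $accountInformation['dn'], $userPassword)` in `ldapngUserAuthentication` is reached without testing for an empty `$userPassword`. Many directory servers treat a simple bind with a DN and an empty password as an unauthenticated bind and report success, so unless every caller rejects empty passwords (not visible here) the function can return `_AUTH_SUCCESS` for any existing account. The guard should be `if ($userPassword === '' || !@ldap_bind($ds, $accountInformation['dn'], $userPassword)) {`, and that branch should also call `ldap_close($ds)` before returning, which it currently skips. Separately, `pwdlastset` and `accountexpires` are read from `$info[0]` but are not listed in `$justthese`, so those two conversions look unreachable as written.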
diff --git a/mayor-orig/www/include/backend/ldapng/base/attrs.php b/mayor-orig/www/include/backend/ldapng/base/attrs.php
new file mode 100644
index 00000000..2ea07778
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldapng/base/attrs.php
@@ -0,0 +1,137 @@
+<?php
+/*
+ Module: useradmin
+*/
+
+ if (file_exists('lang/'._LANG.'/backend/ldapng/attrs.php')) {
+ require('lang/'._LANG.'/backend/ldapng/attrs.php');
+ } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/ldapng/attrs.php')) {
+ require('lang/'._DEFAULT_LANG.'/backend/ldapng/attrs.php');
+ }
+
+######################################################
+# Alapértelmezett jogosultságok
+#
+# w - Írható/olvasható
+# r - olvasható
+# - - egyik sem
+#
+# Három karakter: admin, self, other jogai
+######################################################
+
+ define('_DEFAULT_LDAP_RIGHTS','wr-');
+
+######################################################
+# Az LDAP account attribútumok
+######################################################
+
+ global $ldapngAccountAttrs;
+ $ldapngAccountAttrs = array(
+ 'cn',
+ 'serialnumber',
+ 'uid',
+ 'uidnumber',
+ 'gidnumber',
+ 'unixhomedirectory',
+ 'loginshell',
+
+ 'shadowlastchange',
+ 'shadowexpire',
+ 'shadowwarning',
+ 'shadowmin',
+ 'shadowmax',
+ 'shadowinactive',
+
+/*
+ 'gecos',
+ 'mail',
+ 'telephonenumber',
+ 'mobile',
+ 'l',
+ 'street',
+ 'postaladdress',
+ 'postalcode',
+ 'homedirectory',
+*/
+ );
+
+ global $ldapngGroupAttrs;
+ $ldapngGroupAttrs = array(
+ 'cn',
+ 'description',
+ 'member',
+ 'name',
+ 'samaccountname',
+ 'objectcategory',
+ 'gidnumber', // ennek kellene lennie - mitől lesz?
+/* 'memberuid' */
+ );
+
+ global $accountAttrToLDAP; // Kis és nagybetű számít!!!
+ $accountAttrToLDAP = array(
+ 'userAccount' => 'uid',
+ 'userCn' => 'displayName',
+ 'mail' => 'mail',
+ 'studyId' => 'employeeNumber', // Ez konfig-ban külön van állítva, az itteni érték irreleváns
+ 'shadowLastChange' => 'shadowLastChange',
+ 'shadowWarning' => 'shadowWarning',
+ 'shadowMin' => 'shadowMin',
+ 'shadowMax' => 'shadowMax',
+ 'shadowExpire' => 'shadowExpire',
+ 'shadowInactive' => 'shadowInactive',
+ );
+
+ global $groupAttrToLDAP;
+ $groupAttrToLDAP = array(
+ 'groupCn' => 'cn',
+ 'groupDesc' => 'description',
+ 'member' => 'member',
+ );
+
+ global $ldapngAccountAttrDef;
+ $ldapngAccountAttrDef = array(
+ 'dn' => array('desc' => _LDAPDN, 'type' => 'text', 'rights' => 'rrr'),
+ 'cn' => array('desc' => _LDAPCN, 'type' => 'text', 'rights' => 'rrr'),
+ 'sn' => array('desc' => _LDAPSN, 'type' => 'text', 'rights' => 'wrr'),
+ 'givenname' => array('desc' => _LDAPGIVENNAME, 'type' => 'text'),
+ 'employeenumber' => array('desc' => _LDAPEMPLOYEENUMBER, 'type' => 'int', 'rights' => 'wrr'),
+ 'displayname' => array('desc' => _LDAPCN, 'type' => 'text', 'rights' => 'wrr'),
+ 'name' => array('desc' => _LDAPNAME, 'type' => 'text', 'rights' => 'r--'),
+ 'uid' => array('desc' => _LDAPUID, 'type' => 'text', 'rights' => 'rrr'),
+ 'uidnumber' => array('desc' => _LDAPUIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
+ 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
+ 'mssfu30name' => array('desc' => _LDAPUID, 'type' => 'text', 'rights' => 'r--'),
+ 'unixhomedirectory' => array('desc' => _LDAPUNIXHOMEDIRECTORY, 'type' => 'text', 'rights' => 'wrr'),
+ 'loginshell' => array('desc' => _LDAPLOGINSHELL, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowlastchange' => array('desc' => _LDAPSHADOWLASTCHANGE, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowexpire' => array('desc' => _LDAPSHADOWEXPIRE, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowwarning' => array('desc' => _LDAPSHADOWWARNING, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowmin' => array('desc' => _LDAPSHADOWMIN, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowmax' => array('desc' => _LDAPSHADOWMAX, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowinactive' => array('desc' => _LDAPSHADOWINACTICE, 'type' => 'text', 'rights' => 'wrr'),
+/*
+ 'gecos' => array('desc' => _LDAPGECOS, 'type' => 'text', 'rights' => 'w--'),
+ 'mail' => array('desc' => _LDAPMAIL, 'type' => 'text', 'rights' => 'wwr'),
+ 'telephonenumber' => array('desc' => _LDAPTELEPHONENUMBER, 'type' => 'text', 'rights' => 'ww-'),
+ 'mobile' => array('desc' => _LDAPMOBILE, 'type' => 'text', 'rights' => 'ww-'),
+ 'l' => array('desc' => _LDAPL, 'type' => 'text'),
+ 'street' => array('desc' => _LDAPSTREET, 'type' => 'text'),
+ 'postaladdress' => array('desc' => _LDAPPOSTALADDRESS, 'type' => 'text'),
+ 'postalcode' => array('desc' => _LDAPPOSTALCODE, 'type' => 'text'),
+*/
+ );
+
+ global $ldapngGroupAttrDef;
+ $ldapngGroupAttrDef = array(
+ 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'rrr'),
+ 'name' => array('desc' => _LDAPNAME, 'type' => 'text','rights' => 'rrr'),
+ 'samaccountname' => array('desc' => _LDAPSAMACCOUNTNAME, 'type' => 'text','rights' => 'wrr'),
+ 'description' => array('desc' => _LDAPDESCRIPTION, 'type' => 'text'),
+ 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'),
+ 'member' => array('desc' => _LDAPMEMBER, 'type' => 'select'),
+ 'objectcategory' => array('desc' => _LDAPOBJECTCATEGORY, 'type' => 'text','rights' => 'rrr'),
+
+ 'memberuid' => array('desc' => _LDAPMEMBERUID, 'type' => 'select'),
+ );
+
+?>
diff --git a/mayor-orig/www/include/backend/ldapng/password/changePassword.php b/mayor-orig/www/include/backend/ldapng/password/changePassword.php
new file mode 100644
index 00000000..039dda5d
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldapng/password/changePassword.php
@@ -0,0 +1,160 @@
+<?php
+/*
+
+ Module: base/password
+
+ function changeMyPassword($userAccount, $userPassword, $newPassword, $verification)
+ A függvény nem vizsgálja, hogy jogosultak vagyunk-e a jelszó megváltoztatására.
+ Ennek eldöntése a függvényt hívó program feladata
+*/
+
+############################################################################
+# Jelszó kódolása (az Active Directory ezt használja....)
+############################################################################
+
+function LDAPEncodePassword($password) {
+
+ return mb_convert_encoding("\"".$password."\"", "UTF-16LE", "UTF-8");
+
+}
+
+############################################################################
+# Saját jelszó megváltoztatása
+############################################################################
+
+/* *************************************************************************
+ A leírások szerint a felhasználó maga is megváltoztathatja jelszavát.
+ Ennek módja az unicodePw attribútum törlése (a régi jelszó értéke szerint),
+ és felvétele új értékkel - mindenz elvileg egy lépésben.
+
+ A PHP ldap_mod* függvények ezt az egy lépésben kétféle módosítást nem
+ támogatják. De a helyzet az, hogy a módosítás perl-ből és parancssorból
+ sem működik...
+************************************************************************* */
+
+function changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy = '') {
+
+ global $AUTH;
+
+ if ($toPolicy == '') $toPolicy = $_REQUEST['toPolicy'];
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+ $shadowLastChange = floor(time()/(60*60*24));
+
+ // Csatlakozzás az AD kiszolgálóhoz (SSL szükséges!)
+ $ds = ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ // nem sikerült csatlakozni
+ $_SESSION['alert'][] = 'message:ldap_failure';
+ return false;
+ }
+
+ // Az eredeti jelszó ellenőrzése - csatlakozással
+ $b_ok = ldap_bind($ds,$userDn,$userPassword);
+ if (!$b_ok) {
+ // Talán a régi jelszót elgépelte, vagy le van tiltva...
+ $_SESSION['alert'][] = 'message:ldap_bind_failure:'.$userDn.':changeMyPassword - hibás a régi jelszó?';
+ ldap_close($ds);
+ return false;
+ }
+ $salt = generateSalt(8);
+ $info['userPassword'][0] = "{smd5}".base64_encode(md5($newPassword.$salt, true).$salt); // Az LDAP ezt majd még egyszer base64 encod-olja...
+ // Ezekre nincs jogosultsága a felhasználónak, nem változnak:
+ // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE
+ $info['shadowlastchange'][0] = $shadowLastChange;
+ if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
+ $info['shadowexpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
+ } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
+ $info['shadowexpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
+ }
+
+ $r = ldap_mod_replace($ds,$userDn,$info);
+ ldap_close($ds);
+ if ($r) {
+ $_SESSION['alert'][] = 'info:pw_change_success';
+ return true;
+ } else {
+ $_SESSION['alert'][] = 'message:ldap_modify_failure';
+ return false;
+ }
+}
+
+############################################################################
+# Adminisztrátori jelszó változtatás
+############################################################################
+
+function generateSalt($len=8) {
+// https://github.com/splitbrain/dokuwiki/blob/master/inc/PassHash.class.php
+// Ez adja vissza a salt-ot (ha nincs benne sortörés...):
+// echo e3NtZDV9U3lNbnNGQ05OUHV6L2J4dHovekpzVVpFUVZGQw== | base64 -d | sed s/{smd5}// | base64 -d | cut -f 15-
+ $salt = '';
+ //$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+ //for($i=0;$i<$len;$i++) $salt .= $chars[mt_rand(0,61)];
+ $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+ for($i=0;$i<$len;$i++) $salt .= $chars[mt_rand(0,25)];
+ return $salt;
+}
+
+function changePassword($userAccount, $newPassword, $toPolicy = '') {
+
+ global $AUTH;
+
+ if ($toPolicy == '') $toPolicy = _POLICY;
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+ $shadowLastChange = floor(time()/(60*60*24));
+
+ $ds = ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if ($ds) {
+ $b_ok = ldap_bind($ds,_USERDN,_USERPASSWORD);
+ if ($b_ok) {
+ $salt = generateSalt(8);
+ $info['userPassword'][0] = "{smd5}".base64_encode(md5($newPassword.$salt, true).$salt); // Az LDAP ezt majd még egyszer base64 encod-olja...
+ // Ezekre nincs jogosultsága a felhasználónak, nem változnak:
+ // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE
+ $info['shadowlastchange'][0] = $shadowLastChange;
+ if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
+ $info['shadowexpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
+ } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
+ $info['shadowexpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
+ }
+ $r = @ldap_mod_replace($ds,$userDn,$info);
+ ldap_close($ds);
+ if ($r) {
+ $_SESSION['alert'][] = 'info:pw_change_success';
+ return true;
+ } else {
+ $_SESSION['alert'][] = 'message:ldap_modify_failure';
+ return false;
+ }
+
+ /* *************** */
+/* $info['unicodePwd'][0] = LDAPEncodePassword($newPassword);
+ // Ezekre nincs jogosultsága a felhasználónak, nem változnak:
+ // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE
+ $info['shadowLastChange'][0] = $shadowLastChange;
+ if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
+ $info['shadowExpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
+ } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
+ $info['shadowExpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
+ }
+ $r = @ldap_mod_replace($ds,$userDn,$info);
+ ldap_close($ds);
+ if ($r) {
+ $_SESSION['alert'][] = 'info:pw_change_success';
+ return true;
+ } else {
+ $_SESSION['alert'][] = 'message:ldap_modify_failure:changePassword';
+ return false;
+ }
+*/
+ } else {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure:'._USERDN.':changePassword';
+ ldap_close($ds);
+ return false;
+ }
+ } else {
+ $_SESSION['alert'][] = 'message:ldap_failure';
+ return false;
+ }
+}
+
+?>
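Review bot: changeMyPassword() treats a successful `ldap_bind($ds,$userDn,$userPassword)` as proof that the caller knows the old password, but nothing rejects an empty `$userPassword` or a `false` result from LDAPuserAccountToDn() first. Many directory servers answer a simple bind that carries an empty password as an unauthenticated bind and report success. A guard right after the LDAPuserAccountToDn() call closes that path: `if ($userDn === false || $userPassword == '') { $_SESSION['alert'][] = 'message:ldap_bind_failure'; return false; }`. Separately, generateSalt() draws its eight uppercase letters from `mt_rand()` for the salted-MD5 value written by both functions; where PHP 7 is available `$salt .= $chars[random_int(0,25)];` is the drop-in replacement, and a stronger scheme accepted by the directory would be preferable to `{smd5}`.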
diff --git a/mayor-orig/www/include/backend/ldapng/session/accountInfo.php b/mayor-orig/www/include/backend/ldapng/session/accountInfo.php
new file mode 100644
index 00000000..03761dca
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldapng/session/accountInfo.php
@@ -0,0 +1,399 @@
+<?php
+/*
+ Module: base/auth-ldapng
+ Backend: ldapng
+
+ function getLDAPInfo($userDn, $attrList=array('cn'), $toPolicy = '')
+ function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY)
+ function ldapGetUserInfo($userAccount, $toPolicy = _POLICY)
+ function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY)
+ function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY)
+
+*/
+
+######################################################
+# getLDAPInfo - általános LDAP lekérdezés
+######################################################
+
+
+ function getLDAPInfo($Dn, $attrList=array('cn'), $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Keresés
+ $filter = '(objectclass=*)';
+ $sr = @ldap_search($ds, $Dn, $filter, $attrList);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$Dn;
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = @ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ return $info;
+
+ }
+
+###########################################################
+# ldapGetAccountInfo - felhasználói információk (backend)
+###########################################################
+
+ function ldapngGetAccountInfo($userAccount, $toPolicy = _POLICY) {
+
+ global $backendAttrs, $backendAttrDef;
+
+ if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Account', $toPolicy);
+
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+
+ $result = getLDAPInfo($userDn, $backendAttrs, $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // LDAP schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ foreach ($backendAttrDef as $attr => $def) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
+ elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
+ else $return[$i][$attr] = array('count' => 0);
+ }
+ }
+ return $return[0];
+
+ }
+
+ }
+
+#############################################################
+# ldapGetUserInfo - felhasználói információk (keretrendszer)
+#############################################################
+
+ function ldapngGetUserInfo($userAccount, $toPolicy = _POLICY) {
+
+ global $accountAttrToLDAP, $ldapAttrDef;
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+
+ $result = getLDAPInfo($userDn, array_values($accountAttrToLDAP), $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ $result[0]['dn'] = array('count' => 1, 0 => $result[0]['dn']);
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt + LDAP --> MaYoR schema
+ foreach ($accountAttrToLDAP as $attr => $ldapAttr) {
+ $ldapAttr = kisbetus($ldapAttr);
+ if (isset($result[0][$ldapAttr])) $return[$attr] = $result[0][$ldapAttr];
+ else $return[$attr] = array('count' => 0);
+ }
+ return $return;
+
+ }
+
+ }
+
+###############################################################
+# ldapChangeAccountInfo - felhasználói információk módosítása
+###############################################################
+
+ function ldapngChangeAccountInfo($userAccount, $toPolicy = _POLICY) {
+
+ global $AUTH, $backendAttrs, $backendAttrDef;
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $emptyAttrs = explode(':',$_POST['emptyAttrs']);
+ $_alert = array();
+
+ // Attribútumonként módosítunk
+ foreach ($backendAttrs as $attr) {
+
+ if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS;
+ else $rights = $backendAttrDef[$attr]['rights'];
+
+ if ($rights[_ACCESS_AS] == 'w') {
+ $mod_info = $add_info = $del_info = Array();
+ $values = array();
+
+ if ($backendAttrDef[$attr]['type'] == 'image') {
+ $file = $_FILES[$attr]['tmp_name'];
+ if (file_exists($file)) {
+ $fd = fopen($file,'r');
+ $values[0]=fread($fd,filesize($file));
+ fclose($fd);
+ } else {
+ // Sose töröljük!
+ $emptyAttrs[] = $attr;
+ }
+ } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
+ if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
+ $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
+ }
+ } else {
+ if ($backendAttrDef[$attr]['type'] != '' ) $values[0] = $_POST[$attr];
+ }
+
+ if ($backendAttrDef[$attr]['type'] == 'select') {
+ if ($_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
+ if ($_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
+ } elseif (in_array($attr,$emptyAttrs)) {
+ if ($values[0] != '') $add_info[$attr] = $values;
+ } else {
+ if ($values[0] != '') {
+ $mod_info[$attr] = $values;
+ } else {
+ $del_info[$attr] = Array();
+ }
+ }
+
+ if (count($add_info)!=0) {
+ if (!@ldap_mod_add($ds,$userDn,$add_info)) {
+ $_alert[] = 'message:insufficient_access:add:'.$attr;
+ }
+ }
+ if (count($mod_info)!=0) {
+ if (!@$r = ldap_mod_replace($ds,$userDn,$mod_info)) {
+ $_alert[] = 'message:insufficient_access:mod:'.$attr;
+ }
+ }
+ if (count($del_info)!=0) {
+ if (!@ldap_mod_del($ds,$userDn,$del_info)) {
+ $_alert[] = 'message:insufficient_access:del:'.$attr;
+ }
+ }
+
+ } else {
+// $_alert[] = 'message:insufficient_access:'.$attr;
+ }
+ } // foreach
+
+ ldap_close($ds);
+ if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
+ else for ($i = 0;$i < count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
+
+ }
+
+###########################################################
+# ldapGetGroupInfo - csoport információk (backend)
+###########################################################
+
+ function ldapngGetGroupInfo($groupCn, $toPolicy = _POLICY) {
+
+ global $backendAttrs, $backendAttrDef;
+
+
+ if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy);
+
+ $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
+
+ $result = getLDAPInfo($groupDn, $backendAttrs, $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // Accountok lekérdezése
+ $info = getLDAPaccounts($toPolicy);
+ for ($i = 0; $i < $info['count']; $i++) {
+ $accountUid[] = array(
+ 'value' => $info[$i]['uid'][0],
+ 'txt' => $info[$i]['displayname'][0]
+ );
+ $accountDn[] = array(
+ 'value' => $info[$i]['dn'],
+ 'txt' => $info[$i]['displayname'][0]
+ );
+ }
+
+ // LDAP schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ foreach ($backendAttrDef as $attr => $def) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
+ elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
+ else $return[$i][$attr] = array('count' => 0);
+ }
+ $return[$i]['member']['new'] = $accountDn;
+ $return[$i]['memberuid']['new'] = $accountUid;
+ }
+
+ return $return[0];
+
+ }
+
+ }
+
+###############################################################
+# ldapChangeGroupInfo - csoport információk módosítása
+###############################################################
+
+ function ldapngChangeGroupInfo($groupCn, $toPolicy = _POLICY) {
+
+// !!!! A memberuid / member szinkronjára nem figyel!!
+
+ global $AUTH, $backendAttrs, $backendAttrDef;
+ $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $emptyAttrs = explode(':',$_POST['emptyAttrs']);
+ $_alert = array();
+
+ // Attribútumonként módosítunk
+ foreach ($backendAttrs as $attr) {
+
+ if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS;
+ else $rights = $backendAttrDef[$attr]['rights'];
+
+ if ($rights[_ACCESS_AS] == 'w') {
+
+ $mod_info = $add_info = $del_info = Array();
+ $values = array();
+
+ if ($backendAttrDef[$attr]['type'] == 'image') {
+ $file = $_FILES[$attr]['tmp_name'];
+ if (file_exists($file)) {
+ $fd = fopen($file,'r');
+ $values[0]=fread($fd,filesize($file));
+ fclose($fd);
+ } else {
+ // Sose töröljük!
+ $emptyAttrs[] = $attr;
+ }
+ } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
+ if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
+ $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
+ }
+ } else {
+ if ($backendAttrDef[$attr]['type'] != '')
+ if (isset($_POST[$attr])) $values[0] = $_POST[$attr];
+ else $values[0] = '';
+ }
+
+ if ($backendAttrDef[$attr]['type'] == 'select') {
+ if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
+ if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
+ } elseif (in_array($attr,$emptyAttrs)) {
+ if ($values[0] != '') $add_info[$attr] = $values;
+ } else {
+ if ($values[0] != '') {
+ $mod_info[$attr] = $values;
+ } else {
+ $del_info[$attr] = Array();
+ }
+
+ }
+
+ if (count($add_info)!=0) {
+ if (!@ldap_mod_add($ds,$groupDn,$add_info)) {
+ $_alert[] = 'message:insufficient_access:add:'.$attr;
+ }
+ }
+ if (count($mod_info)!=0) {
+ if (!@ldap_mod_replace($ds,$groupDn,$mod_info)) {
+ $_alert[] = 'message:insufficient_access:mod:'.$attr;
+ }
+ }
+ if (count($del_info)!=0) {
+ if (!@ldap_mod_del($ds,$groupDn,$del_info)) {
+ $_alert[] = 'message:insufficient_access:del:'.$attr;
+ }
+ }
+
+ } else {
+// $_alert[] = 'message:insufficient_access:'.$attr;
+ }
+ } // foreach
+
+ ldap_close($ds);
+ if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
+ else for ($i=0;$i<count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
+
+ }
+
+ function getLDAPaccounts($toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Keresés
+ $attrList = array('cn','uid','displayName','samaccountname');
+ $filter = '(&(objectclass=person)(!(objectclass=computer)))';
+ $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $attrList);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
+ ldap_close($ds);
+ return false;
+ }
+
+ ldap_sort($ds, $sr, 'displayname');
+ $info = @ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ return $info;
+
+ }
+
+
+?>
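Review bot: In the attribute loop of ldapngChangeAccountInfo() the default rights are assigned to a misspelled variable, `$rigths = _DEFAULT_LDAP_RIGHTS;`, so for an attribute whose definition has no `rights` entry the following `$rights[_ACCESS_AS] == 'w'` test reads whatever `$rights` held for the previous attribute (or an undefined variable on the first pass). The write decision for such attributes then depends on iteration order instead of the default; the line should read `$rights = _DEFAULT_LDAP_RIGHTS;`. ldapngChangeGroupInfo() contains the same line, and the group attribute table added in attrs.php lists `description` and `member` without `rights`, so the path is presumably reachable there. Both loops also read `$_FILES[$attr]['tmp_name']` with only `file_exists()`; `is_uploaded_file($file)` is the appropriate check before reading it.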
diff --git a/mayor-orig/www/include/backend/ldapng/session/base.php b/mayor-orig/www/include/backend/ldapng/session/base.php
new file mode 100644
index 00000000..a4eff43d
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldapng/session/base.php
@@ -0,0 +1,190 @@
+<?php
+/*
+ Module: base/session
+ Backend: ldapng
+
+ function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY)
+ function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY)
+
+*/
+
+ require('include/backend/ldapng/base/attrs.php');
+
+ ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0);
+
+ if ($AUTH[_POLICY]['backend'] == 'ldapng') {
+ /* why not put into session cache */
+ if ($AUTH[_POLICY]['cacheable']=='yes') {
+ $userDn = _queryCache('RDN',_POLICY,'value');
+ }
+ if (!isset($userDn)) $userDn = LDAPuserAccountToDn();
+ define('_USERDN', $userDn);
+ if ($AUTH[_POLICY]['cacheable']=='yes') _registerToCache('RDN',$userDn,_POLICY);
+ unset($userDn);
+ }
+
+######################################################
+# A _USERACCOUNT(uid)-hoz tartozó dn lekérdezése
+######################################################
+
+ function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás a szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ return false;
+ }
+
+ // Van-e adott azonosítójú felhasználó?
+ $filter="(&(".$AUTH[$toPolicy]['ldapUserAccountAttr']."=$userAccount)(objectClass=".$AUTH[$toPolicy]['ldapUserObjectClass']."))";
+ $justthese=array($AUTH[$toPolicy]['ldapCnAttr']);
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure";
+ ldap_close($ds);
+ return false;
+ }
+ $info=ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ if ( $info['count'] === 0 ) {
+ // Nincs ilyen userAccount (uid)
+ $_SESSION['alert'][] = "message:no_account:$userAccount";
+ return false;
+ } elseif ( $info['count'] > 1 ) {
+ // Több ilyen uid is van
+ $_SESSION['alert'][] = "message:multi_uid:$userAccount";
+ return false;
+ }
+
+ if ($info['count']==1) { // Van - egy - ilyen felhasználó
+ return $info[0]['dn'];
+ }
+
+ }
+
+
+######################################################
+# A groupCn(cn)-hez tartozó dn lekérdezése
+######################################################
+
+ function LDAPgroupCnToDn($groupCn, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Nézzük, hogy van-e át"map"-elt csoport!
+ if (isset($AUTH[$toPolicy]['categoryMap'][ekezettelen($groupCn)])) {
+ return $AUTH[$toPolicy]['categoryMap'][ekezettelen($groupCn)];
+ }
+
+ // Kapcsolódás a szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ return false;
+ }
+
+ // Van-e ilyen csoport?
+ $filter="(&(".$AUTH[$toPolicy]['ldapGroupCnAttr']."=$groupCn)(objectClass=".$AUTH[$toPolicy]['ldapGroupObjectClass']."))";
+ $justthese=array($AUTH[$toPolicy]['ldapGroupCnAttr']);
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure";
+ ldap_close($ds);
+ return false;
+ }
+ $info=ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ if ( $info['count'] === 0 ) {
+ // Nincs ilyen groupCn (cn) - hibaüzenet csak akkor, ha nem kategóriáról van szó...
+ if (!in_array($groupCn, array_map('ekezettelen', $AUTH[$toPolicy]['categories']))) $_SESSION['alert'][] = "message:no_group:$groupCn";
+ return false;
+ } elseif ( $info['count'] > 1 ) {
+ // Több ilyen cn is van
+ $_SESSION['alert'][] = "message:multi_gid:$groupCn";
+ return false;
+ }
+
+ if ($info['count']==1) { // Van - egy - ilyen csoport
+ return $info[0]['dn'];
+ }
+
+ }
+
+######################################################
+# memberOf - csoport tag-e
+######################################################
+
+ function ldapngMemberOf($userAccount, $group, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+ /* Kis hack: csoport-tagság helyett vizsgáljuk előbb a megfelelő szervezeti egységet... de ezt nem biztos, hogy érdemes... */
+ if (in_array($group, $AUTH[$toPolicy]['categories'])) {
+ if (strpos($userDn, ',ou='.ekezettelen($group).',') !== false) return true;
+ }
+
+ if (substr($group,0,3) != 'cn=') {
+ $groupDn = LDAPgroupCnToDn(ekezettelen($group));
+ if (!$groupDn) return false; // Ha nincs ilyen csoport az LDAP fában
+ } else {
+ $groupDn = $group;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $justthese = array('cn'); // valamit le kell kérdezni...
+ // OpenLDAP a tagok azonosítóját tárolja el (memberUid), más rendszerek a dn-t (member)
+ $filter = "(&(objectClass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(|(member=$userDn)(memberUid=$userAccount)))";
+ $sr = @ldap_search($ds, $groupDn, $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:group=$group; filter=".$filter;
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = ldap_get_entries($ds, $sr);
+ ldap_close($ds);
+
+ if ($info['count'] > 0) {
+ return true;
+ } else {
+ return false;
+ }
+
+ }
+
+?>
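Review bot: LDAPuserAccountToDn() interpolates `$userAccount` into the search filter unescaped, so filter metacharacters such as `*`, `(` or `)` in a login name change which entries match; the same holds for `$groupCn` in LDAPgroupCnToDn() and for `$userDn`/`$userAccount` in ldapngMemberOf(). Where `ldap_escape()` is available (PHP 5.6+), build the filter from an escaped copy, `$uidFilter = ldap_escape($userAccount, '', LDAP_ESCAPE_FILTER);`, and keep the original value for the alert messages. Whether callers pass request data is not visible in this hunk, but this function resolves the DN later used for binds, so the argument is worth treating as untrusted. ldapngMemberOf() also calls `LDAPgroupCnToDn(ekezettelen($group))` without `$toPolicy`, so the group is resolved under `_POLICY` even when another policy was requested, and both DN lookups return on bind failure without `ldap_close($ds)`.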
diff --git a/mayor-orig/www/include/backend/ldapng/session/createAccount.php b/mayor-orig/www/include/backend/ldapng/session/createAccount.php
new file mode 100644
index 00000000..96a5b557
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldapng/session/createAccount.php
@@ -0,0 +1,157 @@
+<?php
+/*
+ Modules: base/session
+*/
+
+ require_once('include/backend/ldapng/password/changePassword.php');
+
+ /*
+ $SET = array(
+ container => a konténer elem - ha nincs, akkor CN=Users alá rakja
+ category => tanár, diák... egy kiemelt fontosságú csoport tagság
+ groups => egyéb csoportok
+ policyAttrs => policy függő attribútumok
+ )
+ */
+ function ldapngCreateAccount(
+ $userCn, $userAccount, $userPassword, $toPolicy, $SET
+ ) {
+
+ global $AUTH;
+
+ $shadowLastChange = floor(time() / (60*60*24));
+
+ // $toPolicy --> ldap backend - ellenőrzés!
+ if ($AUTH[$toPolicy]['backend'] != 'ldapng') {
+ $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = $ginfo = Array();
+
+ // uid ütközés ellenőrzése
+ $filter = "(sAMAccountName=$userAccount)";
+ $justthese = array('sAMAccountName');
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ $uinfo = ldap_get_entries($ds, $sr);
+ $uidCount = $uinfo['count'];
+ ldap_free_result($sr);
+ if ($uidCount > 0) {
+ $_SESSION['alert'][] = 'message:multi_uid:'.$userAccount;
+ return false;
+ }
+
+ // Az következő uidNumber megállapítása
+ $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapUserObjectClass'].")(uidNumber=*))";
+ $justthese = array('uidNumber', 'msSFU30UidNumber');
+ $sr = ldap_search($ds,$AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ ldap_sort($ds, $sr, 'uidNumber');
+ $uinfo = ldap_get_entries($ds, $sr);
+ ldap_free_result($sr);
+ if (isset($uinfo['count']) && $uinfo['count'] > 0) $info['uidNumber'] = array($uinfo[ $uinfo['count']-1 ]['uidnumber'][0]+1);
+ else $info['uidNumber'] = array(1001);
+
+ // shadow attributumok...
+ // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '')
+ $info['shadowLastChange'] = array($shadowLastChange);
+ if (isset($AUTH[$toPolicy]['shadowMin']) && $AUTH[$toPolicy]['shadowMin'] != '') $info['shadowMin'] = array($AUTH[$toPolicy]['shadowMin']);
+ if (isset($AUTH[$toPolicy]['shadowMax']) && $AUTH[$toPolicy]['shadowMax'] != '') $info['shadowMax'] = array($AUTH[$toPolicy]['shadowMax']);
+ if (isset($AUTH[$toPolicy]['shadowWarning']) && $AUTH[$toPolicy]['shadowWarning'] != '') $info['shadowWarning'] = array($AUTH[$toPolicy]['shadowWarning']);
+ if (isset($AUTH[$toPolicy]['shadowInactive']) && $AUTH[$toPolicy]['shadowInactive'] != '') $info['shadowInactive'] = array($AUTH[$toPolicy]['shadowInactive']);
+ if (isset($AUTH[$toPolicy]['shadowExpire']) && $AUTH[$toPolicy]['shadowWxpire'] != '') $info['shadowExpire'] = array($AUTH[$toPolicy]['shadowExpire']);
+
+ // A szokásos attribútumok
+ $Name = explode(' ',$userCn);
+ $Dn = ldap_explode_dn($AUTH[$toPolicy]['ldapBaseDn'], 1); unset($Dn['count']);
+ $info['userPrincipalName'] = array( $userAccount.'@'.implode('.', $Dn));
+ $info['msSFU30Name'] = $info['sAMAccountName'] = $info['cn'] = array($userAccount);
+ $info['displayName'] = array($userCn);
+ $info['sn'] = array($Name[0]);
+ $info['givenName'] = array($Name[ count($Name)-1 ]);
+ $info['unixUserPassword'] = array('ABCD!efgh12345$67890');
+ $info['unixHomeDirectory'] = array(ekezettelen("/home/$userAccount"));
+ $info['loginShell'] = array('/bin/bash');
+ $info['objectClass'] = array($AUTH[$toPolicy]['ldapUserObjectClass'], 'user');
+
+ $policyAccountAttrs = $SET['policyAttrs'];
+ if (isset($policyAccountAttrs['studyId'])) $info[ $AUTH[$toPolicy]['ldapStudyIdAttr'] ] = array($policyAccountAttrs['studyId']);
+ foreach ($policyAccountAttrs as $attr => $value)
+ if ($attr != 'studyId' && isset($accountAttrToLDAP[$attr]))
+ $info[ $accountAttrToLDAP[$attr] ] = array($value);
+
+ if (isset($SET['container'])) $dn = "CN=$userAccount,".$SET['container'];
+ else $dn = "CN=$userAccount,CN=Users,".$AUTH[$toPolicy]['ldapBaseDn'];
+
+ // user felvétel
+ $_r1 = @ldap_add($ds,$dn,$info);
+ if (!$_r1) {
+ $_SESSION['alert'][] = 'message:ldap_error:Add user:'.ldap_error($ds);
+ //echo $dn.'<pre>'; var_dump($info); echo '</pre>';
+ return false;
+ }
+
+ // Jelszó beállítás
+ if (!changePassword($userAccount, $userPassword, $toPolicy)) $_SESSION['alert'][] = 'message:ldap_error:changePassword failed:'.$userAccount;
+
+ // Engedélyezés
+ $einfo = array('userAccountControl' => array(512)); /* Normal account = 512 */
+ $_r1 = @ldap_mod_replace($ds,$dn,$einfo);
+ if (!$_r1) {
+ $_SESSION['alert'][] = 'message:ldap_error:Enable user:'.ldap_error($ds);
+ //echo $dn.'<pre>'; var_dump($info); echo '</pre>';
+ return false;
+ }
+
+ // Kategória csoportba és egyéb csoportokba rakás
+ if (isset($SET['category'])) {
+ if (is_array($SET['groups'])) array_unshift($SET['groups'], $SET['category']);
+ else $SET['groups'] = array($SET['category']);
+
+ $ginfo['member'] = $dn;
+
+ for ($i = 0; $i < count($SET['groups']); $i++) {
+ $groupDn = LDAPgroupCnToDn($SET['groups'][$i], $toPolicy);
+ if ($groupDn !== false) {
+ $_r3 = @ldap_mod_add($ds, $groupDn, $ginfo);
+ if (!$_r3) {
+ $_SESSION['alert'][] = 'message:ldap_error:Add to group '.$SET['groups'][$i].':'.ldap_error($ds);
+ //echo $SET['groups'][$i].'<pre>'; var_dump($ginfo); echo '</pre>';
+ }
+ }
+ }
+ }
+
+ ldap_close($ds);
+
+ if (defined('_DATADIR')
+ && isset($AUTH[$toPolicy]['createAccountScript'])
+ && file_exists(_DATADIR)
+ ) {
+ $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['createAccountScript'],'a+');
+ if ($sfp) {
+ fwrite($sfp,"\n# $userAccount létrehozása: userAccount uidNumber homeDirectory\n");
+ fwrite($sfp,"createAccount.sh '$userAccount' '".$info['uidNumber'][0]."' '".$info['unixHomeDirectory'][0]."'\n");
+ fclose($sfp);
+ }
+ }
+ $_SESSION['alert'][] = 'info:create_uid_success:'.$dn;
+ return true;
+
+ }
+
+?>
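Review bot: The line appended to the account-creation script, `createAccount.sh '$userAccount' ...`, wraps its values in hand-written single quotes, so an account name containing a quote or a line break ends the quoting and is written into the script as shell text. Build the line with `escapeshellarg()` instead, e.g. `'createAccount.sh '.escapeshellarg($userAccount).' '.escapeshellarg($info['uidNumber'][0]).' '.escapeshellarg($info['unixHomeDirectory'][0])."\n"`, and strip line breaks from the name before it goes into the preceding `#` comment line. How the script is run later is not visible in this hunk. The account is also enabled with `userAccountControl` 512 even when `changePassword()` failed, leaving only the fixed `unixUserPassword` literal set; returning before the enable step in that case would be safer. The shadowExpire condition reads `$AUTH[$toPolicy]['shadowWxpire']`, a misspelled key, so that attribute is never written.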
diff --git a/mayor-orig/www/include/backend/ldapng/session/createGroup.php b/mayor-orig/www/include/backend/ldapng/session/createGroup.php
new file mode 100644
index 00000000..78def54d
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldapng/session/createGroup.php
@@ -0,0 +1,82 @@
+<?php
+/*
+ Modules: base/session
+*/
+
+
+ function ldapngCreateGroup($groupCn, $groupDesc, $toPolicy = _POLICY, $SET = array()) {
+
+ global $AUTH;
+ $category = ekezettelen($SET['category']);
+
+ // $toPolicy --> ldap backend - ellenőrzés!
+ if ($AUTH[$toPolicy]['backend'] != 'ldapng') {
+ $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = $ginfo = Array();
+
+ // cn ütközés ellenőrzése
+ $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(cn=$groupCn))";
+ $justthese = array('cn');
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ $ginfo = ldap_get_entries($ds, $sr);
+ $gCount = $ginfo['count'];
+ ldap_free_result($sr);
+ if ($gCount > 0) {
+ $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn;
+ return false;
+ }
+
+ // Az következő gidNumber megállapítása
+ $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(gidNumber=*))";
+ $justthese = array('gidNumber', 'msSFU30GidNumber');
+ $sr = ldap_search($ds,$AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ ldap_sort($ds, $sr, 'gidNumber');
+ $ginfo = ldap_get_entries($ds, $sr);
+ ldap_free_result($sr);
+ if (isset($ginfo['count']) && $ginfo['count'] > 0) $info['gidNumber'] = array($ginfo[ $ginfo['count']-1 ]['gidnumber'][0]+1);
+ else $info['gidNumber'] = array(1001);
+
+ // A szokásos attribútumok
+ $info['sAMAccountName'] = $info['cn'] = array($groupCn);
+ $info['description'] = array($groupDesc);
+
+ // A kategória függő attribútumok
+ if (isset($SET['container'])) $dn = "CN=$groupCn,".$SET['container'];
+ else $dn = "CN=$groupCn,OU=$category,".$AUTH[$toPolicy]['ldapBaseDn'];
+
+ // objectum osztályok
+ $info['objectClass'] = array($AUTH[$toPolicy]['ldapGroupObjectClass']);
+
+ // csoport felvétel
+ $_r1 = ldap_add($ds,$dn,$info);
+ if (!$_r1) {
+ printf("LDAP-Error: %s<br>\n", ldap_error($ds));
+ var_dump($info);
+ }
+
+ ldap_close($ds);
+
+ $_SESSION['alert'][] = 'info:create_group_success:'.$dn;
+ return true;
+
+ }
+
+?>
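Review bot: When `ldap_add()` fails, ldapngCreateGroup() prints the LDAP error and a `var_dump($info)` into the page and then still records `info:create_group_success` and returns true, so callers cannot tell that the group was not created. The failure branch should follow ldapngCreateAccount(): `$_SESSION['alert'][] = 'message:ldap_error:Add group:'.ldap_error($ds); ldap_close($ds); return false;`. `$groupCn` is also placed unescaped into the duplicate-check filter and into the new DN; where `ldap_escape()` is available, `LDAP_ESCAPE_FILTER` and `LDAP_ESCAPE_DN` respectively cover the two uses.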
diff --git a/mayor-orig/www/include/backend/ldapng/session/search/searchAccount.php b/mayor-orig/www/include/backend/ldapng/session/search/searchAccount.php
new file mode 100644
index 00000000..74d285e6
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldapng/session/search/searchAccount.php
@@ -0,0 +1,271 @@
+<?php
+/*
+ Module: base/session
+ Backend: ldapng
+
+ ! -- Csak publikus mezőkre lehet keresni! -- !
+ function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)')
+ function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn'))
+ function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = '') {
+
+*/
+
+######################################################
+# Általános LDAP kereső függvény
+######################################################
+
+ function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)', $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ if ($pattern == '') {
+ $_SESSION['alert'][] = 'message:empty_field';
+ return false;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure:LDAPSearch';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Keresés
+ $filter = "(&$filter($attr=*$pattern*))";
+ $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $searchAttrs);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = @ldap_get_entries($ds,$sr);
+
+ ldap_close($ds);
+
+ return $info;
+
+ }
+
+######################################################
+# ldapSearchAccount - felhasználó kereső függvény
+######################################################
+
+ function ldapngSearchAccount($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) {
+
+ global $accountAttrToLDAP, $AUTH;
+
+ // A keresendő attribútum konvertálása LDAP attribútummá
+ if ($accountAttrToLDAP[ $attr ] != '') $attrLDAP = $accountAttrToLDAP[ $attr ];
+ else $attrLDAP = $attr;
+ if ($attrLDAP == 'dn') $attrLDAP = 'uid'; // dn-re nem megy a keresés!!
+
+ // A lekérendő attribútumok konvertálása LDAP attribútummá
+ for ($i = 0; $i < count($searchAttrs); $i++) {
+ if ($accountAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $accountAttrToLDAP[ $searchAttrs[$i] ];
+ else $searchAttrsLDAP[$i] = $searchAttrs[$i];
+ }
+ $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass='.$AUTH[$toPolicy]['ldapUserObjectClass'].')', $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // LDAP schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ $result[$i]['dn'] = $return[$i]['userAccount'] = array('count' => 1, 0 => $result[$i]['dn']);
+ for ($j = 0; $j < count($searchAttrs); $j++) {
+ $a = $searchAttrs[$j];
+ if (isset($result[$i][ kisbetus($accountAttrToLDAP[$a]) ])) {
+ if ($accountAttrToLDAP[$a] != '') $return[$i][$a] = $result[$i][ kisbetus($accountAttrToLDAP[$a]) ];
+ else $return[$i][$a] = $result[$i][$a];
+ } else {
+ $return[$i][$a] = array('count' => 0) ;
+ }
+ }
+ $return[$i]['category'] = getAccountCategories($return[$i]['userAccount'][0], $toPolicy);
+ $return[$i]['category']['count'] = count($return[$i]['category']);
+ }
+ $return['count'] = $result['count'];
+
+ return $return;
+
+ }
+
+ }
+
+######################################################
+# ldapSearchGroup - csoport kereső függvény
+######################################################
+
+ function ldapngSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = _POLICY) {
+
+ global $groupAttrToLDAP, $AUTH;
+
+ // A keresendő attribútum konvertálása LDAP attribútummá
+ if ($groupAttrToLDAP[ $attr ] != '') $attrLDAP = $groupAttrToLDAP[ $attr ];
+ else $attrLDAP = $attr;
+ if ($attrLDAP == 'dn') $attrLDAP = 'cn'; // dn-re nem megy a keresés!!
+
+ // A lekérendő adtibútumok konvertálása LDAP attribútummá
+ for ($i = 0; $i < count($searchAttrs); $i++) {
+ if ($groupAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $groupAttrToLDAP[ $searchAttrs[$i] ];
+ else $searchAttrsLDAP[$i] = $searchAttrs[$i];
+ }
+
+ $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass='.$AUTH[$toPolicy]['ldapGroupObjectClass'].')', $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // LDAP schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ $result[$i]['dn'] = $return[$i]['groupCn'] = array('count' => 1, 0 => $result[$i]['dn']);
+ for ($j = 0; $j < count($searchAttrs); $j++) {
+ $a = $searchAttrs[$j];
+ if (!isset($groupAttrToLDAP[$a]) || $groupAttrToLDAP[$a] != '') {
+ if (isset($result[$i][ $groupAttrToLDAP[$a] ])) $return[$i][$a] = $result[$i][ $groupAttrToLDAP[$a] ];
+ else $return[$i][$a] = '';
+ } else {
+ $return[$i][$a] = $result[$i][$a];
+ }
+ }
+ }
+ $return['count'] = $result['count'];
+
+ return $return;
+
+ }
+
+ }
+
+######################################################
+# ldapDeleteAccount - account törlése
+######################################################
+
+ function ldapngDeleteAccount($userAccount, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // $toPolicy --> ldapng backend - ellenőrzés
+ if ($AUTH[$toPolicy]['backend'] != 'ldapng') {
+ $_SESSION['alert'][] = 'page:wrong_backend:ldapng!='.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+ if ($userDn === false) return false;
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Az uidNumber, a unixHomeDirectory lekerdezése
+ $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapUserObjectClass'].")(!(objectclass=computer)))";
+ $justthese = array('uidNumber','unixHomedirectory');
+ $sr = @ldap_search($ds,$userDn,$filter,$justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
+ ldap_close($ds);
+ return false;
+ } ;
+
+ $info = @ldap_get_entries($ds,$sr);
+ $uidNumber = $info[0]['uidnumber'][0];
+ $homeDirectory = $info[0]['unixhomedirectory'][0];
+ $uid=$userAccount;
+
+ // user törlése
+ if (!@ldap_delete($ds,$userDn)) {
+ $_SESSION['alert'][] = 'message:ldap_delete_failure:user:'.$userAccount;
+ }
+
+ ldap_close($ds);
+
+ /*
+ Ha van megadva deleteAccountScript paraméter, akkor abba bejegyzi a törölt felhasználó adatait.
+ A meghívott deleteAccount.sh nincs definiálva, testreszabható, megkötés egyedül a paraméter
+ lista: userAccount, uidNumber, homeDirectory
+ */
+ if (defined('_DATADIR')
+ && isset($AUTH[$toPolicy]['deleteAccountScript'])
+ && file_exists(_DATADIR)
+ ) {
+ $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['deleteAccountScript'],'a+');
+ if ($sfp) {
+ fwrite($sfp,"\n# $userAccount törlése: userAccount uidNumber homeDirectory\n");
+ fwrite($sfp,"deleteAccount.sh '$userAccount' '$uidNumber' '$homeDirectory'\n");
+ fclose($sfp);
+ }
+ }
+
+ $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn;
+ return true;
+
+ }
+
+######################################################
+# ldapDeleteGroup - account törlése
+######################################################
+
+ function ldapngDeleteGroup($groupCn, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // $toPolicy --> ldapng backend - ellenőrzés
+ if ($AUTH[$toPolicy]['backend'] != 'ldapng') {
+ $_SESSION['alert'][] = 'page:wrong_backend:ldapng!='.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
+ if ($groupDn === false) return false;
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ if (!@ldap_delete($ds, $groupDn)) {
+ $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupCn;
+ }
+
+ ldap_close($ds);
+
+ $_SESSION['alert'][] = 'info:delete_group_success:'.$groupCn;
+ return true;
+
+ }
+
+
+?>
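Review bot: In `LDAPSearch`, `$attr` and `$pattern` are concatenated into the filter unescaped (`"(&$filter($attr=*$pattern*))"`), so filter metacharacters in a search term can change which entries match, which undercuts the header's rule that only public fields may be searched. Escape the value before building the filter, e.g. `$pattern = ldap_escape($pattern, '', LDAP_ESCAPE_FILTER);` (PHP 5.6+), and check `$attr` against the known attribute map. `ldapngDeleteAccount` has a related problem: it writes `'$userAccount'`, `'$uidNumber'` and `'$homeDirectory'` into the deleteAccountScript file inside hand-written single quotes, so a quote character in any of them ends the argument early; passing each value through `escapeshellarg()` instead would close that. The same function also appends the script line and records `info:delete_uid_success` when `ldap_delete` has failed, and `ldapngDeleteGroup` reports success in the same way.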
diff --git a/mayor-orig/www/include/backend/mysql/auth/login.php b/mayor-orig/www/include/backend/mysql/auth/login.php
new file mode 100644
index 00000000..caa7929d
--- /dev/null
+++ b/mayor-orig/www/include/backend/mysql/auth/login.php
@@ -0,0 +1,144 @@
+<?php
+/*
+ Auth-MySQL
+
+ A név-jelszó pár ellenőrzése MySQL adattábla alapján
+ */
+
+/* --------------------------------------------------------------
+
+Az adattábla szerkezete:
+
+create table userAccounts (
+userId int unsigned primary key auto_increment not null,
+userAccount varchar(32),
+policy varchar(10),
+userPassword varchar(32),
+userCn varchar(64)
+);
+
+A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE
+konstansok valamelyikével tér vissza.
+
+Sikeres hitelesítés esetén
+az egyéb account információkat (minimálisan a 'cn', azaz 'teljes név
+attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el.
+
+Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az
+elutasítás okát.
+
+Shadow attribútumok:
+
+Login name
+Encrypted password
+shadowLastChanged
+1970. január 1-étől az utolsó jelszó módosításig eltelt napok száma
+Days since Jan 1, 1970 that password was last changed
+shadowMin
+Jelszóváltoztatás után ennyi napig nem lehet ismét jelszót változtatni
+Days before password may be changed
+shadowMax
+Jelszóváltoztatás után ennyi nappal már kötelező a jelszóváltoztatás
+Days after which password must be changed
+shadowWarning
+A jelszó érvényességének lejártát ennyi nappal előbb jelezi a rendsze
+Days before password is to expire that user is warned
+shadowInactive
+A jelszó érvényességének lejárta után ennyi nappal az felhasználói fiók letiltásra kerül
+Days after password expires that account is disabled
+shadowExpire
+Az előzőektől függetlenül a felhasználói fiók letiltásra kerül 1970. január 1-étől számított ennyiedik napo
+Days since Jan 1, 1970 that account is disabled
+
+-------------------------------------------------------------- */
+
+function mysqlUserAuthentication($userAccount, $userPassword, &$accountInformation, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ $modul = "$toPolicy auth";
+ $lr = db_connect($modul, array('fv' => 'userAuthentication/sql'));
+ if (!$lr) return _AUTH_FAILURE;
+
+ // Van-e ilyen azonosító
+ $q = "SELECT COUNT(*) FROM accounts WHERE userAccount='%s' AND policy='%s'";
+ $num = db_query($q, array('fv' => 'userAuthentication', 'modul' => $modul, 'result' => 'value', 'values' => array($userAccount, $toPolicy)), $lr);
+ if ($num == 0) {
+ // Nincs ilyen azonosító
+ $_SESSION['alert'][] = 'message:no_account:'."$userAccount:$toPolicy";
+ db_close($lr);
+ return _AUTH_FAILURE_1;
+ } elseif ($num > 1) {
+ // Több ilyen azonosító is va
+ $_SESSION['alert'][] = 'message:multy_uid';
+ db_close($lr);
+ return _AUTH_FAILURE_2;
+ }
+
+ // Ha csak egy van, akkor jó-e a jelszava
+ $q = "SELECT userCn, studyId, shadowLastChange, shadowMin, shadowMax, shadowWarning, shadowInactive, shadowExpire
+ FROM accounts WHERE userAccount='%s' AND userPassword=sha('%s') AND policy='%s'";
+ $ret = db_query($q, array('fv' => 'userAuthentication', 'modul' => 'login', 'result' => 'record', 'values' => array($userAccount, $userPassword, $toPolicy)), $lr);
+ db_close($lr);
+ if (!is_array($ret) || count($ret) == 0) {
+ // Nincs ilyen rekord => rossz a jelszó
+ $_SESSION['alert'][] = 'message:bad_pw';
+ return _AUTH_FAILURE_3;
+ } else {
+ // Ha van, akkor csak egy ilyen sor lehet
+ $accountInformation['cn'] = $ret['userCn'];
+ $accountInformation['studyId'] = $ret['studyId'];
+ $shadowLastChange = $ret['shadowLastChange'];
+ $shadowMin = $ret['shadowMin'];
+ $shadowMax = $ret['shadowMax'];
+ $shadowWarning = $ret['shadowWarning'];
+ $shadowInactive = $ret['shadowInactive'];
+ $shadowExpire = $ret['shadowExpire'];
+
+ // A lejárat ideje a shadowExpire és shadowLastChange+shadowMax kötül a kisebbik
+ if (intval($shadowExpire) != 0) $expireTimestamp = $shadowExpire;
+ if (
+ intval($shadowMax) != 0 &&
+ (
+ !isset($expireTimestamp) ||
+ $expireTimestamp > $shadowLastChange + $shadowMax
+ )
+ ) $expireTimestamp = $shadowLastChange + $shadowMax;
+ // lejárt, ha lejárat ideje már elmúlt
+ $accountExpired = (isset($expireTimestamp) && ($expireTimestamp <= floor(time()/(60*60*24))));
+
+ // Le van-e tiltva
+ if ( // onDisabled: none | refuse
+ $AUTH[$toPolicy]['onDisabled'] == 'refuse' &&
+ isset($expireTimestamp) &&
+ $expireTimestamp + $shadowInactive <= floor(time()/(60*60*24))
+ ) {
+ // Le van tiltva
+ $_SESSION['alert'][] = 'message:account_disabled:'.strval(floor(time()/(60*60*24)));
+ return _AUTH_FAILURE_4;
+ } // onDisabled
+
+ // Lejárt-e az azonosító
+ if ($AUTH[$toPolicy]['onExpired'] != 'none' && isset($expireTimestamp)) { // onExpired: none | warning | force update
+ // Lejárt-e
+ $pwLejar = $expireTimestamp - floor(time()/(60*60*24));
+ if (0 < $pwLejar && $pwLejar < $shadowWarning) {
+ $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar;
+ return _AUTH_SUCCESS;
+ } elseif ($pwLejar <= 0) {
+ $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar);
+ if ($AUTH[$toPolicy]['onDisabled'] == 'refuse')
+ $_SESSION['alert'][] = 'info:warn_account_disable:'.($shadowInactive+$pwLejar);
+ if ($AUTH[$toPolicy]['onExpired'] == 'warning') {
+ return _AUTH_SUCCESS;
+ } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') {
+ return _AUTH_EXPIRED;
+ }
+ }
+ } // onExpired
+ return _AUTH_SUCCESS;
+
+ }
+}
+
+?>
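Review bot: The password check in `mysqlUserAuthentication` compares against `sha('%s')`, an unsalted SHA-1 computed inside the SQL statement, so stored hashes are cheap to recover offline if the table leaks, and the clear-text password travels in the query text where statement logging can capture it. Fetching the stored hash by account and policy and verifying it in PHP with `password_verify()` avoids both; legacy rows can be accepted through a constant-time SHA-1 comparison until they are rehashed with `password_hash()`. The `userPassword` column would need widening for that (the header comment shows `varchar(32)`, though it names a different table and may be out of date). `changeMyPassword` and `changePassword` in mysql/password/changePassword.php use the same `sha('%s')` expression and would need the matching change on write. Separately, the distinct `no_account` and `bad_pw` alerts and return codes tell a caller whether an account name exists.

```php
    // Fetch the stored hash by account and policy; verify in PHP, not in SQL
    $q = "SELECT userPassword, userCn, studyId, shadowLastChange, shadowMin, shadowMax, shadowWarning, shadowInactive, shadowExpire
        FROM accounts WHERE userAccount='%s' AND policy='%s'";
    $ret = db_query($q, array('fv' => 'userAuthentication', 'modul' => 'login', 'result' => 'record', 'values' => array($userAccount, $toPolicy)), $lr);
    db_close($lr);
    $stored = (is_array($ret) && isset($ret['userPassword'])) ? (string)$ret['userPassword'] : '';
    // Second branch accepts legacy SHA-1 rows until they are rehashed with password_hash()
    $pwOk = password_verify($userPassword, $stored) || hash_equals($stored, sha1($userPassword));
    if (!$pwOk) {
        // … unchanged: bad_pw alert and _AUTH_FAILURE_3, then the account information and shadow expiry checks …
```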
diff --git a/mayor-orig/www/include/backend/mysql/base/attrs.php b/mayor-orig/www/include/backend/mysql/base/attrs.php
new file mode 100644
index 00000000..b945d764
--- /dev/null
+++ b/mayor-orig/www/include/backend/mysql/base/attrs.php
@@ -0,0 +1,48 @@
+<?php
+
+ if (file_exists('lang/'._LANG.'/backend/mysql/attrs.php')) {
+ require('lang/'._LANG.'/backend/mysql/attrs.php');
+ } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/mysql/attrs.php')) {
+ require('lang/'._DEFAULT_LANG.'/backend/mysql/attrs.php');
+ }
+
+######################################################
+# Alapértelmezett jogosultságok
+#
+# w - Írható/olvasható
+# r - olvasható
+# - - egyik sem
+#
+# Három karakter: admin, self, other jogai
+######################################################
+
+ define('_DEFAULT_MYSQL_RIGHTS','wr-');
+
+ global $mysqlAccountAttrDef;
+ $mysqlAccountAttrDef = array(
+ 'uid' => array('desc' => _MYSQLUID, 'type' => 'text', 'rights' => 'rrr'),
+ 'policy' => array('desc' => _MYSQLPOLICY, 'type' => 'text', 'rights' => 'r--'),
+ 'useraccount' => array('desc' => _MYSQLUIDNUMBER, 'type' => 'text','rights' => 'r--'),
+ 'userCn' => array('desc' => _MYSQLCN, 'type' => 'text', 'rights' => 'wrr'),
+ 'studyId' => array('desc' => _MYSQLSTUDYID, 'type' => 'int', 'rights' => 'wrr'),
+ 'mail' => array('desc' => _MYSQLMAIL, 'type' => 'text', 'rights' => 'wwr'),
+ 'telephoneNumber' => array('desc' => _MYSQLTELEPHONENUMBER, 'type' => 'text', 'rights' => 'ww-'),
+// 'userPassword' => array('desc' => _MYSQLUSERPASSWORD, 'type' => 'text', 'rights' => 'r--'),
+ 'shadowLastChange' => array('desc' => _MYSQLSHADOWLASTCHANGE, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowExpire' => array('desc' => _MYSQLSHADOWEXPIRE, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowWarning' => array('desc' => _MYSQLSHADOWWARNING, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowMin' => array('desc' => _MYSQLSHADOWMIN, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowMax' => array('desc' => _MYSQLSHADOWMAX, 'type' => 'text', 'rights' => 'wrr'),
+ 'shadowInactive' => array('desc' => _MYSQLSHADOWINACTICE, 'type' => 'text', 'rights' => 'wrr'),
+ );
+
+ global $mysqlGroupAttrDef;
+ $mysqlGroupAttrDef = array(
+ 'gid' => array('desc' => _MYSQLGID, 'type' => 'text', 'rights' => 'rrr'),
+ 'groupDesc' => array('desc' => _MYSQLGROUPDESC, 'type' => 'text', 'rights' => 'wrr'),
+ 'policy' => array('desc' => _MYSQLPOLICY, 'type' => 'int', 'rights' => 'r--'),
+ 'member' => array('desc' => _MYSQLMEMBER, 'type' => 'select', 'rights' => 'w--'),
+ );
+
+
+?>
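Review bot: The shadow* entries in `$mysqlAccountAttrDef` are given `'wrr'`, and by the legend above (admin, self, other) that makes `shadowLastChange`, `shadowExpire`, `shadowMax` and `shadowInactive` readable by every other account, which shows which accounts have old or expired passwords. Unless another layer filters these, `'wr-'` (the same value as `_DEFAULT_MYSQL_RIGHTS`) would keep them to the admin and the account owner, e.g. `'shadowExpire' => array('desc' => _MYSQLSHADOWEXPIRE, 'type' => 'text', 'rights' => 'wr-'),`. The key `'useraccount'` is lower-case and described by `_MYSQLUIDNUMBER`, while the queries elsewhere in this commit use the column `userAccount`; a comment saying whether that is intended would help.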
diff --git a/mayor-orig/www/include/backend/mysql/password/changePassword.php b/mayor-orig/www/include/backend/mysql/password/changePassword.php
new file mode 100644
index 00000000..2875bace
--- /dev/null
+++ b/mayor-orig/www/include/backend/mysql/password/changePassword.php
@@ -0,0 +1,75 @@
+<?php
+/*
+ Module: base/password
+
+ function changeMyPassword($userAccount, $userPassword, $newPassword, $verification)
+ A függvény nem vizsgálja, hogy jogosultak vagyunk-e a jelszó megváltoztatására.
+ Ennek eldöntése a függvényt hívó program feladata
+ */
+
+############################################################################
+# Saját jelszó megváltoztatása
+############################################################################
+
+function changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy = '') {
+
+ global $AUTH;
+
+ if ($toPolicy == '') $toPolicy = $_REQUEST['toPolicy'];
+ $shadowLastChange = floor(time()/(60*60*24));
+
+ $modul = "$toPolicy auth";
+ $lr = db_connect($modul, array('fv' => 'changeMyPassword'));
+
+ if (!$lr) return false;
+
+ // Stimmel-e az azonosító/jelszó/policy hármas
+ $q = "SELECT COUNT(*) FROM accounts WHERE userAccount='%s' AND userPassword=sha('%s') AND policy='%s'";
+ $num = db_query($q, array('fv' => 'changeMyPassword', 'modul' => $modul, 'result' => 'value', 'values' => array($userAccount, $userPassword, $toPolicy)), $lr);
+ if ($num != 1) {
+ $_SESSION['alert'][] = 'message:bad_pw:changeMyPassword';
+ db_close($lr);
+ return false;
+ }
+
+ if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
+ $shadowExpire = $AUTH[$toPolicy]['shadowExpire'];
+ } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
+ $shadowExpire = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
+ }
+ $q = "UPDATE accounts SET userPassword=sha('%s'), shadowLastChange=%u, shadowExpire=%u
+ WHERE userAccount='%s' and policy='%s'";
+ $v = array($newPassword, $shadowLastChange, $shadowExpire, $userAccount, $toPolicy);
+ $r = db_query($q, array('fv' => 'changeMyPassword', 'modul' => $modul, 'values' => $v), $lr);
+ db_close($lr);
+ if ($r) $_SESSION['alert'][] = 'info:pw_change_success';
+ return $r;
+
+}
+
+############################################################################
+# Adminisztrátori jelszó változtatás
+############################################################################
+
+function changePassword($userAccount, $newPassword, $toPolicy = '') {
+
+ global $AUTH;
+
+ if ($toPolicy == '') $toPolicy = _POLICY;
+ $shadowLastChange = floor(time()/(60*60*24));
+ if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
+ $shadowExpire = $AUTH[$toPolicy]['shadowExpire'];
+ } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
+ $shadowExpire = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
+ }
+ $shadowExpire = intval($shadowExpire);
+ $q = "UPDATE accounts SET userPassword=sha('%s'), shadowLastChange=%u, shadowExpire=%u
+ WHERE userAccount='%s' and policy='%s'";
+ $v = array($newPassword, $shadowLastChange, $shadowExpire, $userAccount, $toPolicy);
+ $r = db_query($q, array('fv' => 'changePassword', 'modul' => "$toPolicy auth", 'values' => $v));
+ if ($r) $_SESSION['alert'][] = 'info:pw_change_success';
+ return $r;
+
+}
+
+?>
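Review bot: `changeMyPassword` takes `$toPolicy` straight from `$_REQUEST['toPolicy']` when the argument is empty and uses it to build the connection name (`"$toPolicy auth"`) and to index `$AUTH`, without checking that it names a configured policy. A guard right after that assignment, `if (!is_string($toPolicy) || !isset($AUTH[$toPolicy])) return false;`, keeps a request from choosing an arbitrary module name; whether `db_connect` rejects unknown names is not visible in this hunk. Also, `$shadowExpire` stays undefined in `changeMyPassword` when neither `shadowExpire` nor `shadowMax` is configured, and unlike `changePassword` it is not passed through `intval()` before reaching the `%u` placeholder. The header comment already says the caller must decide whether the change is authorised; it would help to state there that `changePassword` performs no check of the old password at all.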
diff --git a/mayor-orig/www/include/backend/mysql/session/accountInfo.php b/mayor-orig/www/include/backend/mysql/session/accountInfo.php
new file mode 100644
index 00000000..113e380b
--- /dev/null
+++ b/mayor-orig/www/include/backend/mysql/session/accountInfo.php
@@ -0,0 +1,258 @@
+<?php
+/*
+ Module: base/auth-mysql
+ Backend: mysql
+
+ function mysqlGetAccountInfo($userAccount, $toPolicy = _POLICY)
+ function mysqlGetUserInfo($userAccount, $toPolicy = _POLICY)
+ function mysqlChangeAccountInfo($userAccount, $toPolicy = _POLICY)
+ function mysqlGetGroupInfo($groupCn, $toPolicy = _POLICY)
+
+*/
+
+###########################################################
+# mysqlGetAccountInfo - felhasználói információk (backend)
+###########################################################
+
+ function mysqlGetAccountInfo($userAccount, $toPolicy = _POLICY, $SET = array()) {
+
+ global $AUTH, $backendAttrs, $backendAttrDef;
+
+ // Keresés
+ if (is_array($SET['justThese']) && count($SET['justThese']) > 0) {
+ $_THESE = '`'.implode('`,`', array_fill(0, count($SET['justThese']), '%s')).'`';
+ $v = $SET['justThese'];
+ } else {
+ $_THESE = '*';
+ $v = array();
+ }
+ $q = "SELECT $_THESE FROM accounts WHERE userAccount='%s' AND policy='%s'";
+ array_push($v, $userAccount, $toPolicy);
+ $A = db_query($q, array('fv' => 'mysqlGetAccountInfo', 'modul' => "$toPolicy auth", 'result' => 'record', 'values' => $v), $lr);
+ if (!is_array($A) || count($A) == 0) return false;
+
+ $data = array();
+ foreach ($A as $attr => $value) $data[$attr][] = $value;
+ foreach ($data as $attr => $array) $data[$attr]['count'] = count($array);
+
+ return $data;
+
+ }
+
+#############################################################
+# mysqlGetUserInfo - felhasználói információk (keretrendszer)
+#############################################################
+
+ function mysqlGetUserInfo($userAccount, $toPolicy = _POLICY) {
+
+ global $AUTH, $backendAttrs, $backendAttrDef;
+
+ if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Account', $toPolicy);
+
+ // Keresés
+ $q = "SELECT userAccount,userCn FROM accounts WHERE userAccount='%s' AND policy='%s'";
+ $A = db_query($q, array('fv' => 'mysqlGetUserInfo', 'modul' => "$toPolicy auth", 'result' => 'record', 'values' => array($userAccount, $toPolicy)));
+ if (!is_array($A) || count($A) == 0) return false;
+ $ret = array();
+ foreach ($A as $attr => $value) $ret[$attr][] = $value;
+ return $ret;
+
+ }
+
+###############################################################
+# mysqlChangeAccountInfo - felhasználói információk módosítása
+###############################################################
+
+ function mysqlChangeAccountInfo($userAccount, $toPolicy = _POLICY) {
+
+ global $AUTH, $backendAttrs, $backendAttrDef;
+
+ // Kapcsolódás az MySQL szerverhez
+ $modul = "$toPolicy auth";
+ $lr = db_connect($modul, array('fv' => 'mysqlChangeAccountInfo'));
+ if (!$lr) return false;
+
+ $emptyAttrs = explode(':',$_POST['emptyAttrs']);
+
+ // Attribútumonként módosítunk
+ foreach ($backendAttrs as $attr) {
+
+ if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_MYSQL_RIGHTS;
+ else $rights = $backendAttrDef[$attr]['rights'];
+
+ if ($rights[_ACCESS_AS] == 'w') {
+
+ $value = '';
+
+ if ($backendAttrDef[$attr]['type'] == 'int') {
+ if ($backendAttrDef[$attr]['type'] != '' ) $value = readVariable($_POST[$attr], 'number');
+ } else {
+ if ($backendAttrDef[$attr]['type'] != '' ) $value = readVariable($_POST[$attr], 'string'); // html túl erős: pl email címben a @ fent akad...
+ }
+
+ if (in_array($attr,$emptyAttrs)) {
+ if ($value != '') {
+ $q = "UPDATE accounts SET `%s`='%s' WHERE userAccount='%s' AND policy='%s'";
+ $v = array($attr, $value, $userAccount, $toPolicy);
+ }
+ } else {
+ if ($value != '') {
+ $q = "UPDATE accounts SET `%s`='%s' WHERE userAccount='%s' AND policy='%s'";
+ $v = array($attr, $value, $userAccount, $toPolicy);
+ } else {
+ $q = "UPDATE accounts SET `%s`=NULL WHERE userAccount='%s' AND policy='%s'";
+ $v = array($attr, $userAccount, $toPolicy);
+ }
+ }
+ db_query($q, array('fv' => 'mysqlChangeAccountInfo', 'modul' => $modul, 'values' => $v), $lr);
+
+ } else {
+ // $_alert[] = 'message:insufficient_access:'.$attr;
+ }
+ } // foreach
+
+ db_close($lr);
+ if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
+ else for ($i = 0; $i < count($_alert); $i++) $_SESSION['alert'][] = $_alert[$i];
+
+ }
+
+###########################################################
+# mysqlGetGroupInfo - csoport információk (backend)
+###########################################################
+
+ function mysqlGetGroupInfo($groupCn, $toPolicy = _POLICY, $SET = array()) {
+
+ global $AUTH, $backendAttrs, $backendAttrDef;
+
+ if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy);
+
+ // Kapcsolódás az MySQL szerverhez
+ $modul = "$toPolicy auth";
+ $lr = db_connect($modul, array('fv' => 'mysqlGetGroupInfo'));
+ if (!$lr) return false;
+
+ // Keresés
+ if (is_array($SET['justThese']) && count($SET['justThese']) > 0) {
+ $_THESE = '`'.implode('`,`', array_fill(0, count($SET['justThese']), '%s')).'`';
+ $v = $SET['justThese'];
+ } else {
+ $_THESE = '*';
+ $v = array();
+ }
+ $q = "SELECT $_THESE FROM groups WHERE groupCn='%s' AND policy='%s'";
+
+ array_push($v, $groupCn, $toPolicy);
+ $A = db_query($q, array('fv' => 'mysqlGetGroupInfo', 'modul' => $modul, 'result' => 'record', 'values' => $v), $lr);
+ if (!is_array($A) || count($A) == 0) { db_close($lr); return false; }
+ // Megfelelő formátum kialakítása
+ foreach ($A as $attr => $value) $data[$attr][] = $value;
+ foreach ($data as $attr => $array) $data[$attr]['count'] = count($array);
+
+ // tagok lekérdezése
+ $q = "SELECT 'member' AS type, uid AS value, userCn AS txt FROM members LEFT JOIN accounts USING (uid) WHERE gid = '%s'";
+ $v = array($A['gid']);
+ $data2 = db_query($q, array('fv' => 'mysqlGetGroupInfo', 'modul' => $modul, 'result' => 'multiassoc', 'keyfield' => 'type', 'values' => $v), $lr);
+ if ($data2 === false) { db_close($lr); return false; }
+ $data = array_merge($data, $data2);
+
+ // Lehetséges tagok
+ if ($SET['withNewAccounts']===true) {
+ $q = "SELECT userCn AS txt, uid AS value FROM accounts WHERE policy='%s' ORDER BY userCn";
+ $data['member']['new'] = db_query($q, array(
+ 'fv' => 'mysqlGetGroupInfo', 'modul' => $modul, 'result' => 'indexed', 'values' => array($toPolicy)
+ ), $lr);
+ }
+
+ db_close($lr);
+ return $data;
+
+ }
+
+
+###############################################################
+# mysqlChangeGroupInfo - csoport információk módosítása
+###############################################################
+
+ function mysqlChangeGroupInfo($groupCn, $toPolicy = _POLICY) {
+
+// !!!! A memberuid / member szinkronjára nem figyel!!
+
+ global $AUTH, $backendAttrs, $backendAttrDef;
+
+ // Kapcsolódás az MySQL szerverhez
+ $modul = "$toPolicy auth";
+ $lr = db_connect($modul, array('fv' => 'mysqlChangeGroupInfo'));
+ if (!$lr) return false;
+
+ $q = "SELECT gid FROM groups WHERE groupCn='%s' AND policy='%s'";
+ $v = array($groupCn, $toPolicy);
+ $gid = db_query($q, array('fv' => 'mysqlChangeGroupInfo', 'modul' => $modul, 'result' => 'value', 'values' => $v), $lr);
+ if ($gid === false) { db_close($lr); return false; }
+
+ $emptyAttrs = explode(':', $_POST['emptyAttrs']);
+
+ // Attribútumonként módosítunk
+ foreach ($backendAttrs as $attr) {
+
+ if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS;
+ else $rights = $backendAttrDef[$attr]['rights'];
+
+ if ($rights[_ACCESS_AS] == 'w') {
+
+ $Mod = $Add = $Del = $V = $v = array();
+ $values = array();
+
+ if ($backendAttrDef[$attr]['type'] != '')
+ if (isset($_POST[$attr])) $values[0] = readVariable($_POST[$attr],'html');
+ else $values[0] = '';
+
+ if ($backendAttrDef[$attr]['type'] == 'select') {
+ if ($attr == 'member') {
+ if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') {
+ for ($i = 0; $i < count($_POST['new-'.$attr]); $i++) {
+ $V[] = "(%u, %u)";
+ array_push($v, $_POST['new-'.$attr][$i], $gid);
+ }
+ $q = "INSERT INTO members (uid, gid) VALUES ".implode(',', $V);
+ db_query($q, array('fv' => 'mysqlChangeGroupInfo', 'modul' => $modul, 'values' => $v), $lr);
+ }
+ if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') {
+ $q = "DELETE FROM members WHERE gid=%u
+ AND uid IN (".implode(',', array_fill(0, count($_POST['del-'.$attr]), '%u')).")";
+ $v = array_merge(array($gid), $_POST['del-'.$attr]);
+ $r = db_query($q, array('fv' => 'mysqlChangeGroupInfo', 'modul' => $modul, 'values' => $v), $lr);
+ }
+ } else {
+ $_SESSION['alert'][] = 'message:invalid_type:select:'.$attr;
+ }
+ } else {
+ if (in_array($attr, $emptyAttrs)) {
+ if ($values[0] != '') {
+ $W = "`%s`='%s'";
+ $v = array($attr, $values[0]);
+ }
+ } else {
+ if ($values[0] != '') {
+ $W = "`%s`='%s'";
+ $v = array($attr, $values[0]);
+ } else {
+ $W = "`%s`=NULL";
+ $v = array($attr);
+ }
+ }
+ $q = "UPDATE groups SET $W WHERE groupCn='%s' AND policy='%s'";
+ array_push($v, $groupCn, $toPolicy);
+ db_query($q, array('fv' => 'mysqlChangeGroupInfo', 'modul' => $modul, 'values' => $v), $lr);
+ }
+ } else {
+ $_alert[] = 'message:insufficient_access:'.$attr;
+ }
+ } // foreach
+
+ db_close($lr);
+ return true;
+
+ }
+
+?>
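Review bot: In `mysqlChangeAccountInfo` the default-rights branch assigns to a misspelled variable (`$rigths = _DEFAULT_MYSQL_RIGHTS;`), so an attribute with empty `rights` is checked against whatever `$rights` held on the previous loop iteration, and the write-permission test `$rights[_ACCESS_AS] == 'w'` can pass or fail for the wrong attribute. It should read `$rights = _DEFAULT_MYSQL_RIGHTS;`; `mysqlChangeGroupInfo` has the same typo and additionally names `_DEFAULT_LDAP_RIGHTS`, which looks like a leftover from the LDAP backend. In both functions the statement (`$q`, or `$W` in the group variant) is not reset per attribute, so when an attribute is listed in `emptyAttrs` and its value is empty, `db_query` runs with the previous attribute's statement, or an undefined one on the first pass; a `continue` in that case would avoid it. `mysqlGetAccountInfo` passes `$lr` to `db_query` without ever calling `db_connect`, and `$_alert` is read with `count()` in `mysqlChangeAccountInfo` although nothing initialises it.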
diff --git a/mayor-orig/www/include/backend/mysql/session/base.php b/mayor-orig/www/include/backend/mysql/session/base.php
new file mode 100644
index 00000000..35272ff8
--- /dev/null
+++ b/mayor-orig/www/include/backend/mysql/session/base.php
@@ -0,0 +1,52 @@
+<?php
+/*
+ Module: base/session
+ Backend: mysql
+
+ function mysqlMemberOf($userAccount, $groupCn, $toPolicy = _POLICY)
+*/
+
+ require_once('include/backend/mysql/base/attrs.php');
+
+
+ function mysqlMemberOf($userAccount, $groupCn, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ $modul = "$toPolicy auth";
+ $lr = db_connect($modul, array('fv' => 'mysqlMemberOf'));
+ if (!$lr) return _AUTH_FAILURE;
+
+ // Az uid lekérdezése
+ if (!defined(('__'.$toPolicy.'_UID')) || _USERACCOUNT != $userAccount) { // egy policy-hez csak egy uid tartozik
+ $q = "SELECT uid FROM accounts WHERE userAccount = '%s' AND policy = '%s'";
+ $v = array($userAccount, $toPolicy);
+ $uid = db_query($q, array('fv' => 'mysqlMemberOf', 'modul' => $modul, 'result' => 'value', 'values' => $v), $lr);
+ if ($uid === false) {
+ $_SESSION['alert'][] = 'message:no_account:'."$userAccount:$toPolicy";
+ db_close($lr); return false;
+ }
+ if (!defined('__'.$toPolicy.'_UID')) define('__'.$toPolicy.'_UID',$uid);
+ } else {
+ $uid=constant('__'.$toPolicy.'_UID');
+ }
+
+ // Az gid lekérdezése
+ $q = "SELECT gid FROM groups WHERE groupCn = '%s' AND policy = '%s'";
+ $v = array($groupCn, $toPolicy);
+ $gid = db_query($q, array('fv' => 'mysqlMemberOf', 'modul' => $modul, 'result' => 'value', 'values' => $v), $lr);
+ if ($gid === false) {
+ $_SESSION['alert'][] = 'message:no_group:'."$groupCn:$toPolicy";
+ db_close($lr); return false;
+ }
+
+ // Benne van-e a csoportban
+ $q = "SELECT COUNT(*) FROM members WHERE uid = %u AND gid = %u";
+ $v = array($uid, $gid);
+ $num = db_query($q, array('fv' => 'mysqlMemberOf', 'modul' => $modul, 'result' => 'value', 'values' => $v), $lr);
+ db_close($lr);
+ return ($num > 0);
+
+ }
+
+?>
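Review bot: The per-policy uid cache in `mysqlMemberOf` can store the wrong user's uid: when the first call for a policy is made for an account other than `_USERACCOUNT`, the lookup branch runs and `define('__'.$toPolicy.'_UID',$uid)` records that account's uid, and a later call for `_USERACCOUNT` then takes the `else` branch and tests group membership with it. Define the constant only for the logged-in account, `if ($userAccount == _USERACCOUNT && !defined('__'.$toPolicy.'_UID')) define('__'.$toPolicy.'_UID',$uid);`. The connect-failure path returns `_AUTH_FAILURE` while every other failure returns `false`; if that constant is truthy (its value is not visible here), a caller testing the result as a boolean would treat a database outage as membership, so `return false;` is the safer choice there.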
diff --git a/mayor-orig/www/include/backend/mysql/session/createAccount.php b/mayor-orig/www/include/backend/mysql/session/createAccount.php
new file mode 100644
index 00000000..25ff9132
--- /dev/null
+++ b/mayor-orig/www/include/backend/mysql/session/createAccount.php
@@ -0,0 +1,106 @@
+<?php
+/*
+ Module: base/session
+ Backend: mysql
+
+ function mysqlCreateAccount($userCn, $userAccount, $studyId, $userPassword, $category, $toPolicy = _POLICY) {
+
+*/
+
+ /*
+ $SET = array(
+ container => a konténer elem - MySQL backend esetén nincs értelme
+ category => tanár, diák... egy kiemelt fontosságú csoport tagság
+ groups => egyéb csoportok
+ policyAttrs => policy függő attribútumok
+ createGroup => létrehozza az adott nevű csoportokat, ha nincsenek
+ )
+
+ */
+ function mysqlCreateAccount(
+ $userCn, $userAccount, $userPassword, $toPolicy, $SET
+ ) {
+
+ global $AUTH;
+
+ $shadowlastchange = floor(time() / (60*60*24));
+ $modul = "$toPolicy auth";
+ $lr = db_connect($modul, array('fv' => 'mysqlCreateAccount'));
+ if (!$lr) return _AUTH_FAILURE;
+
+ // ütközés ellenőrzése
+ $q = "SELECT COUNT(userCn) FROM accounts WHERE userAccount = '%s' AND policy = '%s'";
+ $v = array($userAccount, $toPolicy);
+ $num = db_query($q, array('fv' => 'mysqlCreateAccount', 'modul' => $modul, 'result' => 'value', 'values' => $v), $lr);
+ if ($num > 0) {
+ db_close($lr);
+ $_SESSION['alert'][] = 'message:multi_uid'.":$userAccount:$toPolicy";
+ return false;
+ }
+
+ // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '') $shadowlastchange = $AUTH[$toPolicy]['shadowlastchange'];
+ $shadowmin = readVariable($AUTH[$toPolicy]['shadowmin'], 'numeric unsigned', 'null'); // null szöveg
+ $shadowmax = readVariable($AUTH[$toPolicy]['shadowmax'], 'numeric unsigned', 'null'); // null szöveg
+ $shadowwarning = readVariable($AUTH[$toPolicy]['shadowwarning'], 'numeric unsigned', 'null'); // null szöveg
+ $shadowinactive = readVariable($AUTH[$toPolicy]['shadowinactive'], 'numeric unsigned', 'null'); // null szöveg
+ $shadowexpire = readVariable($AUTH[$toPolicy]['shadowexpire'], 'numeric unsigned', 'null'); // null szöveg
+
+ // A $SET['policyAttrs'] feldolgozása
+ $attrList = array_keys($SET['policyAttrs']);
+ $valueList = array_values($SET['policyAttrs']);
+
+ // user felvétele
+ if (count($attrList) > 0) {
+ $q = "INSERT INTO accounts (
+ policy, userAccount, userCn, userPassword, shadowLastChange, shadowMin, shadowMax, shadowWarning, shadowInactive, shadowExpire,
+ `".implode('`, `', array_fill(0, count($attrList), '%s'))."`
+ ) VALUES (
+ '%s', '%s', '%s', sha('%s'), %u, %u, %u, %u, %u, %u, '".implode("', '", array_fill(0, count($valueList), '%s'))."'
+ )";
+ } else{
+ $q = "INSERT INTO accounts (
+ policy, userAccount, userCn, userPassword, shadowLastChange, shadowMin, shadowMax, shadowWarning, shadowInactive, shadowExpire
+ ) VALUES ('%s', '%s', '%s', sha('%s'), %u, %u, %u, %u, %u, %u)";
+ }
+ $v = array_merge(
+ $attrList,
+ array($toPolicy, $userAccount, $userCn, $userPassword, $shadowlastchange, $shadowmin, $shadowmax, $shadowwarning, $shadowinactive, $shadowexpire),
+ $valueList
+ );
+ $uid = db_query($q, array('fv' => 'mysqlCreateAccount', 'modul' => $modul, 'result' => 'insert', 'values' => $v), $lr);
+ if ($uid === false) { db_close($lr); return false; }
+ // user berakása a kategóriájának megfelelő csoportokba
+
+ if (isset($SET['category'])) {
+ if (is_array($SET['groups'])) array_unshift($SET['groups'], $SET['category']);
+ else $SET['groups'] = array($SET['category']);
+
+ for ($i = 0; $i < count($SET['groups']); $i++) {
+ $category = $SET['groups'][$i];
+ $groupCn = kisbetus(ekezettelen($category));
+ if ($category == '') continue;
+ $q = "SELECT gid FROM groups WHERE groupCn='%s'";
+ $gid = db_query($q, array('fv' => 'mysqlCreateAccount', 'modul' => $modul, 'result' => 'value', 'values' => array($groupCn)), $lr);
+ if ($gid === false || is_null($gid)) { // --FIXME -- ez jó így BENCE radyx
+ if ($SET['createGroup']) {
+ require_once('include/modules/session/createGroup.php');
+ //createGroup($groupCn, "$category csoport", $category, $toPolicy = _POLICY);
+ createGroup($groupCn, "$category csoport", $toPolicy = _POLICY, array('category'=>$category));
+ $gid = db_query($q, array('fv' => 'mysqlCreateAccount', 'modul' => $modul, 'result' => 'value', 'values' => array($groupCn)), $lr);
+ } else {
+ $_SESSION['alert'][] = 'message:wrong_data:mysqlCreateAccount - nincsmegadva/hibás kategória:'.$category.':'.$groupCn;
+ db_close($lr); return false;
+ }
+ }
+ $q = "INSERT INTO members (uid,gid) VALUES (%u, %u)";
+ $r = db_query($q, array('fv' => 'mysqlCreateAccount', 'modul' => $modul, 'values' => array($uid, $gid)), $lr);
+ if (!$r) { db_close($lr); return false; }
+ }
+ }
+ $_SESSION['alert'][] = 'info:create_account_success:'.$userAccount;
+ db_close($lr);
+ return true;
+
+ }
+
+?>
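Review bot: The password is stored as `sha('%s')`, an unsalted SHA-1 computed inside the SQL statement, which is weak against offline guessing if the accounts table leaks and also places the cleartext password in the query text, where statement logging can capture it. Where the PHP version allows, hashing in PHP with `password_hash($userPassword, PASSWORD_DEFAULT)` and binding the result as a plain `'%s'` would address both, though the login check (not in this hunk) has to move to `password_verify` at the same time. In the group loop, `SELECT gid FROM groups WHERE groupCn='%s'` has no policy filter and the `createGroup(...)` call passes `$toPolicy = _POLICY`, which assigns the default policy instead of passing the caller's, so the new account can be attached to a same-named group of another policy; adding `AND policy='%s'` and passing `$toPolicy` unchanged would keep membership inside the target policy. The keys of `$SET['policyAttrs']` are also substituted into backtick-quoted column names, which value escaping does not protect (db_query is not visible here), so they should be checked against a fixed list of permitted columns before `$q` is built.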
diff --git a/mayor-orig/www/include/backend/mysql/session/createGroup.php b/mayor-orig/www/include/backend/mysql/session/createGroup.php
new file mode 100644
index 00000000..d1bc4f7b
--- /dev/null
+++ b/mayor-orig/www/include/backend/mysql/session/createGroup.php
@@ -0,0 +1,37 @@
+<?php
+
+ function mysqlCreateGroup($groupCn, $groupDesc, $toPolicy = _POLICY, $SET = null) {
+
+ global $AUTH;
+
+ // $toPolicy --> backend - ellenőrzés!
+ if ($AUTH[$toPolicy]['backend'] != 'mysql') {
+ $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ // Kapcsolódás az MySQL szerverhez
+ $modul = "$toPolicy auth";
+ $lr = @db_connect($modul, array('fv' => 'mysqlCreateGroup'));
+ if (!$lr) return false;
+
+ // cn ütközés ellenőrzése
+ $q = "SELECT COUNT(*) FROM groups WHERE policy='%s' AND groupCn='%s'";
+ $v = array($toPolicy, $groupCn);
+ $num = db_query($q, array('fv' => 'mysqlCreateGroup', 'modul' => $modul, 'result' => 'value', 'values' => $v), $lr);
+ if ($num === false) { db_close($lr); return false; }
+ if ($num > 0) { $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn; db_close($lr); return false; }
+
+ // csoport felvétel
+ $q = "INSERT INTO groups (groupCn, groupDesc, policy) VALUES ('%s', '%s','%s')";
+ $v = array($groupCn, $groupDesc, $toPolicy);
+ $gid = db_query($q, array('fv' => 'mysqlCreateGroup', 'modul' => $modul, 'result' => 'insert', 'values' => $v), $lr);
+ if ($gid === false) { db_close($lr); return false; }
+
+ $_SESSION['alert'][] = 'info:create_group_success:'.$dn;
+ db_close($lr);
+ return true;
+
+ }
+
+?>
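Review bot: The success alert `$_SESSION['alert'][] = 'info:create_group_success:'.$dn;` uses `$dn`, which is never assigned in mysqlCreateGroup, so the message carries an empty name and PHP raises an undefined-variable notice; it should read `'info:create_group_success:'.$groupCn`. The collision check is a separate `SELECT COUNT(*)` before the `INSERT`, so two concurrent requests can both pass it; a unique index on (policy, groupCn) would let the database enforce the rule (the schema is not visible here). The `@` on `db_connect` also hides the connection error an operator would need to diagnose a failed group creation.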
diff --git a/mayor-orig/www/include/backend/mysql/session/search/searchAccount.php b/mayor-orig/www/include/backend/mysql/session/search/searchAccount.php
new file mode 100644
index 00000000..fa4584b0
--- /dev/null
+++ b/mayor-orig/www/include/backend/mysql/session/search/searchAccount.php
@@ -0,0 +1,169 @@
+<?php
+/*
+ Module: base/session
+ Backend: mysql
+
+*/
+
+######################################################
+# MySQL account kereső függvény
+######################################################
+
+ function mysqlSearchAccount($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ if ($pattern == '') {
+ $_SESSION['alert'][] = 'message:empty_field:mysqlSerachAccount, pattern';
+ return false;
+ }
+
+ // Kapcsolódás az MySQL szerverhez
+ $modul = "$toPolicy auth";
+ $lr = @db_connect($modul, array('fv' => 'mysqlSearchAccount'));
+ if (!$lr) return false;
+
+ // Keresés
+ $q = "SELECT `".implode('`,`', array_fill(0, count($searchAttrs), '%s'))."` FROM accounts WHERE `%s` LIKE '%%%s%%' AND policy='%s'";
+ $v = array_merge($searchAttrs, array($attr, $pattern, $toPolicy));
+ $r = db_query($q, array('fv' => 'mysqlSearchAccount', 'modul' => $modul, 'result' => 'indexed', 'values' => $v), $lr);
+ db_close($lr);
+ if ($r === false) return false;
+ $ret = array('count' => count($r));
+ foreach ($r as $key => $A) {
+ $data = array();
+ foreach ($A as $attr => $value) {
+ $data[$attr] = array($value);
+ $data[$attr]['count']++;
+ }
+ $data['category'] = getAccountCategories($data['userAccount'][0], $toPolicy);
+ $data['category']['count'] = count($data['category']);
+ $ret[] = $data;
+ }
+
+ return $ret;
+
+ }
+
+######################################################
+# MySQL group kereső függvény
+######################################################
+
+ function mysqlSearchGroup($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ if ($pattern == '') {
+ $_SESSION['alert'][] = 'message:empty_field:mysqlSearchGroup, pattern';
+ return false;
+ }
+
+ // Kapcsolódás az MySQL szerverhez
+ $modul = "$toPolicy auth";
+ $lr = db_connect($modul, array('fv' => 'mysqlSearchGroup'));
+ if (!$lr) return false;
+ // Keresés
+ if ($attr == 'member') {
+ $q = "SELECT `".implode('`,`', array_fill(0, count($searchAttrs), '%s'))."` FROM groups LEFT JOIN members
+ ON members.gid=groups.gid
+ LEFT JOIN accounts USING (uid)
+ WHERE gid IN
+ (SELECT DISTINCT gid FROM accounts LEFT JOIN members USING(uid) WHERE userAccount LIKE '%%%s%%' AND policy='%s')
+ AND groups.policy='%s'";
+ $v = array_merge($searchAttrs, array($pattern, $toPolicy, $toPolicy));
+ } else {
+ $q = "SELECT DISTINCT `".implode('`,`', array_fill(0, count($searchAttrs), '%s'))."` FROM groups LEFT JOIN members
+ ON members.gid=groups.gid
+ LEFT JOIN accounts USING (uid)
+ WHERE `%s` LIKE '%%%s%%' AND groups.policy='%s'";
+ $v = array_merge($searchAttrs, array($attr, $pattern, $toPolicy));
+ }
+ $r = db_query($q, array('fv' => 'mysqlSearchGroup', 'modul' => $modul, 'result' => 'indexed', 'values' => $v), $lr);
+ db_close($lr);
+ if ($r === false) return false;
+ $ret = array('count' => count($r));
+ foreach ($r as $key => $A) {
+ $data = array();
+ foreach ($A as $attr => $value) {
+ $data[$attr] = array($value);
+ }
+ $ret[] = $data;
+ }
+
+ return $ret;
+
+ }
+
+######################################################
+# mysqlDeleteAccount - account törlése
+######################################################
+
+ function mysqlDeleteAccount($userAccount, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // $toPolicy --> mysql backend - ellenőrzés
+ if ($AUTH[$toPolicy]['backend'] != 'mysql') {
+ $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ // Kapcsolódás az MySQL szerverhez
+ $modul = "$toPolicy auth";
+ $lr = @db_connect($modul, array('fv' => 'mysqlDeleteAccount'));
+ if (!$lr) return false;
+
+ // Az uidNumber, a homeDirectory lekerdezése - és mire használjuk, ha szabad kérdeznem???
+ if ($AUTH[$toPolicy]['createHomeDir']) {
+ $q = "SELECT homeDirectory, uid FROM accounts WHERE policy='%s' AND userAccount='%s'";
+ $v = array($toPolicy, $userAccount);
+ $ret = db_query($q, array('fv' => 'mysqlDeleteAccount', 'modul' => $modul, 'result' => 'record', 'values' => $v), $lr);
+ if ($ret === false) { db_close($lr); return false; }
+
+ $homeDirectory = $ret['homeDirectory']; // de nem használjuk semmire...
+ // A user csoport törlése
+ $q = "DELETE FROM groups WHERE gid=%u";
+ $v = array($ret['uid']);
+ $r = db_query($q, array('fv' => 'mysqlDeleteAccount', 'modul' => $modul, 'values' => $v), $lr);
+ if (!$r) { db_close($lr); return false; }
+ }
+
+ // user törlése
+ $q = "DELETE FROM accounts WHERE policy='%s' AND userAccount='%s'";
+ $v = array($toPolicy, $userAccount);
+ $r = db_query($q, array('fv' => 'mysqlDeleteAccount', 'modul' => $modul, 'values' => $v), $lr);
+ db_close($lr);
+ // törlés a csoportból - Ha innoDb - akkor nincs ezzel tennivaló!!
+ if ($r) $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn;
+
+ return $r;
+
+ }
+
+######################################################
+# mysqlDeleteGroup - group törlése
+######################################################
+
+ function mysqlDeleteGroup($groupCn, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // $toPolicy --> mysql backend - ellenőrzés
+ if ($AUTH[$toPolicy]['backend'] != 'mysql') {
+ $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ // csoport törlése
+ $q = "DELETE FROM groups WHERE policy='%s' AND groupCn='%s'";
+ $v = array($toPolicy, $groupCn);
+ $r = db_query($q, array('fv' => 'mysqlDeleteGroup', 'modul' => "$toPolicy auth", 'values' => $v));
+
+ if ($r) $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn;
+
+ // tagok törlése a csoportból - Ha innoDb - akkor nincs ezzel tennivaló!!
+ return $r;
+
+ }
+
+?>
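Review bot: In mysqlSearchAccount and mysqlSearchGroup, `$attr` and each entry of `$searchAttrs` are substituted into backtick-quoted identifiers, where value escaping gives no protection, and the accounts table they address also holds `userPassword`. Unless db_query validates identifiers (it is not visible here), both functions should reject any column name that is not in a fixed list of searchable attributes before building `$q`, for example `if (!in_array($attr, $allowedAttrs, true)) return false;` with `$allowedAttrs` excluding `userPassword`, and the same test for every element of `$searchAttrs`. In mysqlDeleteAccount, `DELETE FROM groups WHERE gid=%u` is executed with `$ret['uid']`, and nothing in the visible code ties a group's gid to an account's uid, so deleting an account may remove an unrelated group with the same number; that statement should select the group by name and policy or be dropped. Both delete functions build their success alert from `$userDn`, which is never assigned; `$userAccount` and `$groupCn` appear to be what was intended.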