From f51c9ed2abe5c68211bb3736be5f70b1fe2c9ec0 Mon Sep 17 00:00:00 2001
From: M.Gergo
Date: Fri, 8 Mar 2019 21:20:34 +0100
Subject: további rendrakás
---
.../www/include/backend/ldapng/auth/login.php | 163 ---------
.../www/include/backend/ldapng/base/attrs.php | 137 -------
.../backend/ldapng/password/changePassword.php | 160 ---------
.../include/backend/ldapng/session/accountInfo.php | 399 ---------------------
.../www/include/backend/ldapng/session/base.php | 190 ----------
.../backend/ldapng/session/createAccount.php | 157 --------
.../include/backend/ldapng/session/createGroup.php | 82 -----
.../ldapng/session/search/searchAccount.php | 271 --------------
8 files changed, 1559 deletions(-)
delete mode 100644 mayor-orig/www/include/backend/ldapng/auth/login.php
delete mode 100644 mayor-orig/www/include/backend/ldapng/base/attrs.php
delete mode 100644 mayor-orig/www/include/backend/ldapng/password/changePassword.php
delete mode 100644 mayor-orig/www/include/backend/ldapng/session/accountInfo.php
delete mode 100644 mayor-orig/www/include/backend/ldapng/session/base.php
delete mode 100644 mayor-orig/www/include/backend/ldapng/session/createAccount.php
delete mode 100644 mayor-orig/www/include/backend/ldapng/session/createGroup.php
delete mode 100644 mayor-orig/www/include/backend/ldapng/session/search/searchAccount.php
(limited to 'mayor-orig/www/include/backend/ldapng')
diff --git a/mayor-orig/www/include/backend/ldapng/auth/login.php b/mayor-orig/www/include/backend/ldapng/auth/login.php
deleted file mode 100644
index b24b4b96..00000000
--- a/mayor-orig/www/include/backend/ldapng/auth/login.php
+++ /dev/null
@@ -1,163 +0,0 @@ - 1 ) { - // Több ilyen uid is van - $_SESSION['alert'][] = "message:multi_uid"; - ldap_close($ds); - return _AUTH_FAILURE_2; - } - - if ($info['count']==1) { // Van - egy - ilyen felhasználó - - - $accountInformation['cn'] = $info[0][ $AUTH[$toPolicy]['ldapCnAttr'] ][0]; - $accountInformation['studyId'] = $info[0][ $AUTH[$toPolicy]['ldapStudyIdAttr'] ][0]; - - $accountInformation['dn'] = $info[0]['dn']; - $accountInformation['account'] = $userAccount; - // Lejárt-e - // A lejárat ideje a shadowExpire és shadowLastChange+shadowMax kötül a kisebbik - if ($info[0]['pwdlastset'][0] != '') { // A pwdLastSet és shadowLastChange közül a kisebbiket használjuk -// if ($info[0]['shadowlastchange'][0] != '') -// $info[0]['shadowlastchange'][0] = min(pwdLastSet2shadowLastChange($info[0]['pwdlastset'][0]), $info[0]['shadowlastchange'][0]); -// else - $info[0]['shadowlastchange'][0] = pwdLastSet2shadowLastChange($info[0]['pwdlastset'][0]); - } - if ($info[0]['accountexpires'][0] != '') { // Az accountExpires és a shadowExpire közül a kisebbiket használjuk -// if ($info[0]['shadowexpire'][0] != '') -// $info[0]['shadowexpire'][0] = min(pwdLastSet2shadowLastChange($info[0]['accountexpires'][0]), $info[0]['shadowexpire'][0]); -// else - $info[0]['shadowexpire'][0] = pwdLastSet2shadowLastChange($info[0]['accountexpires'][0]); - } - if ($info[0]['shadowexpire'][0] != '') $expireTimestamp = $info[0]['shadowexpire'][0]; - if ( - $info[0]['shadowmax'][0] != '' && - ( - !isset($expireTimestamp) || - $expireTimestamp > $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0] - ) - ) $expireTimestamp = $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0]; - // lejárt, ha lejárat ideje már elmúlt - $accountExpired = (isset($expireTimestamp) && ($expireTimestamp <= floor(time()/(60*60*24)))); - - // Le van-e tiltva - // Ha több mint shadowInactive napja lejárt - if ( // onDisabled: none | refuse - $AUTH[$toPolicy]['onDisabled'] == 'refuse' && - 
isset($expireTimestamp) && - $expireTimestamp + $info[0]['shadowinactive'][0] <= floor(time()/(60*60*24)) - ) { - // Le van tiltva - $_SESSION['alert'][] = 'message:account_disabled'; - ldap_close($ds); - return _AUTH_FAILURE_4; - } // onDisabled - - // Jelszó ellenőrzés - lehet-e csatlakozni - if (!@ldap_bind($ds, $accountInformation['dn'], $userPassword)) { - $_SESSION['alert'][] = 'message:bad_pw'; - return _AUTH_FAILURE_3; - } - - ldap_close($ds); - // Lejárt-e az azonosító - if ($AUTH[$toPolicy]['onExpired'] != 'none' && isset($expireTimestamp)) { // onExpired: none | warning | force update - // Lejárt-e - $pwLejar = $expireTimestamp - floor(time()/(60*60*24)); - if (0 < $pwLejar && $pwLejar < $info[0]['shadowwarning'][0]) { - $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar; - return _AUTH_SUCCESS; - } elseif ($pwLejar <= 0) { - $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar); - if ($AUTH[$toPolicy]['onDisabled'] == 'refuse') $_SESSION['alert'][] = 'info:warn_account_disable:'.($info[0]['shadowinactive'][0]+$pwLejar); - if ($AUTH[$toPolicy]['onExpired'] == 'warning') { - return _AUTH_SUCCESS; - } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') { - return _AUTH_EXPIRED; - } else { - return _AUTH_FAILURE; - } - } - } // onExpired - // Ha idáig eljut, akkor minden rendben. - return _AUTH_SUCCESS; - - } // count == 1 - - } - -?> diff --git a/mayor-orig/www/include/backend/ldapng/base/attrs.php b/mayor-orig/www/include/backend/ldapng/base/attrs.php deleted file mode 100644 index 2ea07778..00000000 --- a/mayor-orig/www/include/backend/ldapng/base/attrs.php +++ /dev/null 
@@ -1,137 +0,0 @@ - 'uid', - 'userCn' => 'displayName', - 'mail' => 'mail', - 'studyId' => 'employeeNumber', // Ez konfig-ban külön van állítva, az itteni érték irreleváns - 'shadowLastChange' => 'shadowLastChange', - 'shadowWarning' => 'shadowWarning', - 'shadowMin' => 'shadowMin', - 'shadowMax' => 'shadowMax', - 'shadowExpire' => 'shadowExpire', - 'shadowInactive' => 'shadowInactive', - ); - - global $groupAttrToLDAP; - $groupAttrToLDAP = array( - 'groupCn' => 'cn', - 'groupDesc' => 'description', - 'member' => 'member', - ); - - global $ldapngAccountAttrDef; - $ldapngAccountAttrDef = array( - 'dn' => array('desc' => _LDAPDN, 'type' => 'text', 'rights' => 'rrr'), - 'cn' => array('desc' => _LDAPCN, 'type' => 'text', 'rights' => 'rrr'), - 'sn' => array('desc' => _LDAPSN, 'type' => 'text', 'rights' => 'wrr'), - 'givenname' => array('desc' => _LDAPGIVENNAME, 'type' => 'text'), - 'employeenumber' => array('desc' => _LDAPEMPLOYEENUMBER, 'type' => 'int', 'rights' => 'wrr'), - 'displayname' => array('desc' => _LDAPCN, 'type' => 'text', 'rights' => 'wrr'), - 'name' => array('desc' => _LDAPNAME, 'type' => 'text', 'rights' => 'r--'), - 'uid' => array('desc' => _LDAPUID, 'type' => 'text', 'rights' => 'rrr'), - 'uidnumber' => array('desc' => _LDAPUIDNUMBER, 'type' => 'int', 'rights' => 'w--'), - 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int', 'rights' => 'w--'), - 'mssfu30name' => array('desc' => _LDAPUID, 'type' => 'text', 'rights' => 'r--'), - 'unixhomedirectory' => array('desc' => _LDAPUNIXHOMEDIRECTORY, 'type' => 'text', 'rights' => 'wrr'), - 'loginshell' => array('desc' => _LDAPLOGINSHELL, 'type' => 'text', 'rights' => 'wrr'), - 'shadowlastchange' => array('desc' => _LDAPSHADOWLASTCHANGE, 'type' => 'text', 'rights' => 'wrr'), - 'shadowexpire' => array('desc' => _LDAPSHADOWEXPIRE, 'type' => 'text', 'rights' => 'wrr'), - 'shadowwarning' => array('desc' => _LDAPSHADOWWARNING, 'type' => 'text', 'rights' => 'wrr'), - 'shadowmin' => array('desc' => 
_LDAPSHADOWMIN, 'type' => 'text', 'rights' => 'wrr'), - 'shadowmax' => array('desc' => _LDAPSHADOWMAX, 'type' => 'text', 'rights' => 'wrr'), - 'shadowinactive' => array('desc' => _LDAPSHADOWINACTICE, 'type' => 'text', 'rights' => 'wrr'), -/* - 'gecos' => array('desc' => _LDAPGECOS, 'type' => 'text', 'rights' => 'w--'), - 'mail' => array('desc' => _LDAPMAIL, 'type' => 'text', 'rights' => 'wwr'), - 'telephonenumber' => array('desc' => _LDAPTELEPHONENUMBER, 'type' => 'text', 'rights' => 'ww-'), - 'mobile' => array('desc' => _LDAPMOBILE, 'type' => 'text', 'rights' => 'ww-'), - 'l' => array('desc' => _LDAPL, 'type' => 'text'), - 'street' => array('desc' => _LDAPSTREET, 'type' => 'text'), - 'postaladdress' => array('desc' => _LDAPPOSTALADDRESS, 'type' => 'text'), - 'postalcode' => array('desc' => _LDAPPOSTALCODE, 'type' => 'text'), -*/ - ); - - global $ldapngGroupAttrDef; - $ldapngGroupAttrDef = array( - 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'rrr'), - 'name' => array('desc' => _LDAPNAME, 'type' => 'text','rights' => 'rrr'), - 'samaccountname' => array('desc' => _LDAPSAMACCOUNTNAME, 'type' => 'text','rights' => 'wrr'), - 'description' => array('desc' => _LDAPDESCRIPTION, 'type' => 'text'), - 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'), - 'member' => array('desc' => _LDAPMEMBER, 'type' => 'select'), - 'objectcategory' => array('desc' => _LDAPOBJECTCATEGORY, 'type' => 'text','rights' => 'rrr'), - - 'memberuid' => array('desc' => _LDAPMEMBERUID, 'type' => 'select'), - ); - -?> diff --git a/mayor-orig/www/include/backend/ldapng/password/changePassword.php b/mayor-orig/www/include/backend/ldapng/password/changePassword.php deleted file mode 100644 index 039dda5d..00000000 --- a/mayor-orig/www/include/backend/ldapng/password/changePassword.php +++ /dev/null @@ -1,160 +0,0 @@ - 
diff --git a/mayor-orig/www/include/backend/ldapng/session/accountInfo.php b/mayor-orig/www/include/backend/ldapng/session/accountInfo.php
deleted file mode 100644
index 03761dca..00000000
--- a/mayor-orig/www/include/backend/ldapng/session/accountInfo.php
+++ /dev/null
@@ -1,399 +0,0 @@ - mayor schema konverzió - for ($i = 0; $i < $result['count']; $i++) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - foreach ($backendAttrDef as $attr => $def) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']); - elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr]; - else $return[$i][$attr] = array('count' => 0); - } - } - return $return[0]; - - } - - } - -############################################################# -# ldapGetUserInfo - felhasználói információk (keretrendszer) -############################################################# - - function ldapngGetUserInfo($userAccount, $toPolicy = _POLICY) { - - global $accountAttrToLDAP, $ldapAttrDef; - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - - $result = getLDAPInfo($userDn, array_values($accountAttrToLDAP), $toPolicy); - if ($result === false) { - return false; - } else { - - $result[0]['dn'] = array('count' => 1, 0 => $result[0]['dn']); - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt + LDAP --> MaYoR schema - foreach ($accountAttrToLDAP as $attr => $ldapAttr) { - $ldapAttr = kisbetus($ldapAttr); - if (isset($result[0][$ldapAttr])) $return[$attr] = $result[0][$ldapAttr]; - else $return[$attr] = array('count' => 0); - } - return $return; - - } - - } - -############################################################### -# ldapChangeAccountInfo - felhasználói információk módosítása -############################################################### - - function ldapngChangeAccountInfo($userAccount, $toPolicy = _POLICY) { - - global $AUTH, $backendAttrs, $backendAttrDef; - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = 
@ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $emptyAttrs = explode(':',$_POST['emptyAttrs']); - $_alert = array(); - - // Attribútumonként módosítunk - foreach ($backendAttrs as $attr) { - - if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS; - else $rights = $backendAttrDef[$attr]['rights']; - - if ($rights[_ACCESS_AS] == 'w') { - $mod_info = $add_info = $del_info = Array(); - $values = array(); - - if ($backendAttrDef[$attr]['type'] == 'image') { - $file = $_FILES[$attr]['tmp_name']; - if (file_exists($file)) { - $fd = fopen($file,'r'); - $values[0]=fread($fd,filesize($file)); - fclose($fd); - } else { - // Sose töröljük! - $emptyAttrs[] = $attr; - } - } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') { - if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') { - $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z'; - } - } else { - if ($backendAttrDef[$attr]['type'] != '' ) $values[0] = $_POST[$attr]; - } - - if ($backendAttrDef[$attr]['type'] == 'select') { - if ($_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr]; - if ($_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr]; - } elseif (in_array($attr,$emptyAttrs)) { - if ($values[0] != '') $add_info[$attr] = $values; - } else { - if ($values[0] != '') { - $mod_info[$attr] = $values; - } else { - $del_info[$attr] = Array(); - } - } - - if (count($add_info)!=0) { - if (!@ldap_mod_add($ds,$userDn,$add_info)) { - $_alert[] = 'message:insufficient_access:add:'.$attr; - } - } - if (count($mod_info)!=0) { - if (!@$r = ldap_mod_replace($ds,$userDn,$mod_info)) { - $_alert[] = 'message:insufficient_access:mod:'.$attr; - } - } - if (count($del_info)!=0) { - if (!@ldap_mod_del($ds,$userDn,$del_info)) { - $_alert[] = 'message:insufficient_access:del:'.$attr; - } - } - - } else { -// $_alert[] = 
'message:insufficient_access:'.$attr; - } - } // foreach - - ldap_close($ds); - if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success'; - else for ($i = 0;$i < count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i]; - - } - -########################################################### -# ldapGetGroupInfo - csoport információk (backend) -########################################################### - - function ldapngGetGroupInfo($groupCn, $toPolicy = _POLICY) { - - global $backendAttrs, $backendAttrDef; - - - if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy); - - $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy); - - $result = getLDAPInfo($groupDn, $backendAttrs, $toPolicy); - if ($result === false) { - return false; - } else { - - // Accountok lekérdezése - $info = getLDAPaccounts($toPolicy); - for ($i = 0; $i < $info['count']; $i++) { - $accountUid[] = array( - 'value' => $info[$i]['uid'][0], - 'txt' => $info[$i]['displayname'][0] - ); - $accountDn[] = array( - 'value' => $info[$i]['dn'], - 'txt' => $info[$i]['displayname'][0] - ); - } - - // LDAP schema --> mayor schema konverzió - for ($i = 0; $i < $result['count']; $i++) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - foreach ($backendAttrDef as $attr => $def) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']); - elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr]; - else $return[$i][$attr] = array('count' => 0); - } - $return[$i]['member']['new'] = $accountDn; - $return[$i]['memberuid']['new'] = $accountUid; - } - - return $return[0]; - - } - - } - -############################################################### -# ldapChangeGroupInfo - csoport információk módosítása -############################################################### - - function ldapngChangeGroupInfo($groupCn, $toPolicy = _POLICY) { - -// !!!! 
A memberuid / member szinkronjára nem figyel!! - - global $AUTH, $backendAttrs, $backendAttrDef; - $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy); - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $emptyAttrs = explode(':',$_POST['emptyAttrs']); - $_alert = array(); - - // Attribútumonként módosítunk - foreach ($backendAttrs as $attr) { - - if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS; - else $rights = $backendAttrDef[$attr]['rights']; - - if ($rights[_ACCESS_AS] == 'w') { - - $mod_info = $add_info = $del_info = Array(); - $values = array(); - - if ($backendAttrDef[$attr]['type'] == 'image') { - $file = $_FILES[$attr]['tmp_name']; - if (file_exists($file)) { - $fd = fopen($file,'r'); - $values[0]=fread($fd,filesize($file)); - fclose($fd); - } else { - // Sose töröljük! 
- $emptyAttrs[] = $attr; - } - } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') { - if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') { - $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z'; - } - } else { - if ($backendAttrDef[$attr]['type'] != '') - if (isset($_POST[$attr])) $values[0] = $_POST[$attr]; - else $values[0] = ''; - } - - if ($backendAttrDef[$attr]['type'] == 'select') { - if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr]; - if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr]; - } elseif (in_array($attr,$emptyAttrs)) { - if ($values[0] != '') $add_info[$attr] = $values; - } else { - if ($values[0] != '') { - $mod_info[$attr] = $values; - } else { - $del_info[$attr] = Array(); - } - - } - - if (count($add_info)!=0) { - if (!@ldap_mod_add($ds,$groupDn,$add_info)) { - $_alert[] = 'message:insufficient_access:add:'.$attr; - } - } - if (count($mod_info)!=0) { - if (!@ldap_mod_replace($ds,$groupDn,$mod_info)) { - $_alert[] = 'message:insufficient_access:mod:'.$attr; - } - } - if (count($del_info)!=0) { - if (!@ldap_mod_del($ds,$groupDn,$del_info)) { - $_alert[] = 'message:insufficient_access:del:'.$attr; - } - } - - } else { -// $_alert[] = 'message:insufficient_access:'.$attr; - } - } // foreach - - ldap_close($ds); - if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success'; - else for ($i=0;$i diff --git a/mayor-orig/www/include/backend/ldapng/session/base.php b/mayor-orig/www/include/backend/ldapng/session/base.php deleted file mode 100644 index a4eff43d..00000000 --- a/mayor-orig/www/include/backend/ldapng/session/base.php +++ /dev/null 
@@ -1,190 +0,0 @@ - 1 ) { - // Több ilyen uid is van - $_SESSION['alert'][] = "message:multi_uid:$userAccount"; - return false; - } - - if ($info['count']==1) { // Van - egy - ilyen felhasználó - return $info[0]['dn']; - } - - } - - -###################################################### -# A groupCn(cn)-hez tartozó dn lekérdezése -###################################################### - - function LDAPgroupCnToDn($groupCn, $toPolicy = _POLICY) { - - global $AUTH; - - // Nézzük, hogy van-e át"map"-elt csoport! - if (isset($AUTH[$toPolicy]['categoryMap'][ekezettelen($groupCn)])) { - return $AUTH[$toPolicy]['categoryMap'][ekezettelen($groupCn)]; - } - - // Kapcsolódás a szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - return false; - } - - // Van-e ilyen csoport? - $filter="(&(".$AUTH[$toPolicy]['ldapGroupCnAttr']."=$groupCn)(objectClass=".$AUTH[$toPolicy]['ldapGroupObjectClass']."))"; - $justthese=array($AUTH[$toPolicy]['ldapGroupCnAttr']); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure"; - ldap_close($ds); - return false; - } - $info=ldap_get_entries($ds,$sr); - ldap_close($ds); - - if ( $info['count'] === 0 ) { - // Nincs ilyen groupCn (cn) - hibaüzenet csak akkor, ha nem kategóriáról van szó... 
- if (!in_array($groupCn, array_map('ekezettelen', $AUTH[$toPolicy]['categories']))) $_SESSION['alert'][] = "message:no_group:$groupCn"; - return false; - } elseif ( $info['count'] > 1 ) { - // Több ilyen cn is van - $_SESSION['alert'][] = "message:multi_gid:$groupCn"; - return false; - } - - if ($info['count']==1) { // Van - egy - ilyen csoport - return $info[0]['dn']; - } - - } - -###################################################### -# memberOf - csoport tag-e -###################################################### - - function ldapngMemberOf($userAccount, $group, $toPolicy = _POLICY) { - - global $AUTH; - - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - /* Kis hack: csoport-tagság helyett vizsgáljuk előbb a megfelelő szervezeti egységet... de ezt nem biztos, hogy érdemes... */ - if (in_array($group, $AUTH[$toPolicy]['categories'])) { - if (strpos($userDn, ',ou='.ekezettelen($group).',') !== false) return true; - } - - if (substr($group,0,3) != 'cn=') { - $groupDn = LDAPgroupCnToDn(ekezettelen($group)); - if (!$groupDn) return false; // Ha nincs ilyen csoport az LDAP fában - } else { - $groupDn = $group; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $justthese = array('cn'); // valamit le kell kérdezni... 
- // OpenLDAP a tagok azonosítóját tárolja el (memberUid), más rendszerek a dn-t (member) - $filter = "(&(objectClass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(|(member=$userDn)(memberUid=$userAccount)))"; - $sr = @ldap_search($ds, $groupDn, $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:group=$group; filter=".$filter; - ldap_close($ds); - return false; - } - - $info = ldap_get_entries($ds, $sr); - ldap_close($ds); - - if ($info['count'] > 0) { - return true; - } else { - return false; - } - - } - -?> diff --git a/mayor-orig/www/include/backend/ldapng/session/createAccount.php b/mayor-orig/www/include/backend/ldapng/session/createAccount.php deleted file mode 100644 index 96a5b557..00000000 --- a/mayor-orig/www/include/backend/ldapng/session/createAccount.php +++ /dev/null 
@@ -1,157 +0,0 @@ - a konténer elem - ha nincs, akkor CN=Users alá rakja - category => tanár, diák... egy kiemelt fontosságú csoport tagság - groups => egyéb csoportok - policyAttrs => policy függő attribútumok - ) - */ - function ldapngCreateAccount( - $userCn, $userAccount, $userPassword, $toPolicy, $SET - ) { - - global $AUTH; - - $shadowLastChange = floor(time() / (60*60*24)); - - // $toPolicy --> ldap backend - ellenőrzés! - if ($AUTH[$toPolicy]['backend'] != 'ldapng') { - $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend']; - return false; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $info = $ginfo = Array(); - - // uid ütközés ellenőrzése - $filter = "(sAMAccountName=$userAccount)"; - $justthese = array('sAMAccountName'); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese); - $uinfo = ldap_get_entries($ds, $sr); - $uidCount = $uinfo['count']; - ldap_free_result($sr); - if ($uidCount > 0) { - $_SESSION['alert'][] = 'message:multi_uid:'.$userAccount; - return false; - } - - // Az következő uidNumber megállapítása - $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapUserObjectClass'].")(uidNumber=*))"; - $justthese = array('uidNumber', 'msSFU30UidNumber'); - $sr = ldap_search($ds,$AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese); - ldap_sort($ds, $sr, 'uidNumber'); - $uinfo = ldap_get_entries($ds, $sr); - ldap_free_result($sr); - if (isset($uinfo['count']) && $uinfo['count'] > 0) $info['uidNumber'] = array($uinfo[ $uinfo['count']-1 ]['uidnumber'][0]+1); - else $info['uidNumber'] = array(1001); - - // shadow attributumok... 
- // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '') - $info['shadowLastChange'] = array($shadowLastChange); - if (isset($AUTH[$toPolicy]['shadowMin']) && $AUTH[$toPolicy]['shadowMin'] != '') $info['shadowMin'] = array($AUTH[$toPolicy]['shadowMin']); - if (isset($AUTH[$toPolicy]['shadowMax']) && $AUTH[$toPolicy]['shadowMax'] != '') $info['shadowMax'] = array($AUTH[$toPolicy]['shadowMax']); - if (isset($AUTH[$toPolicy]['shadowWarning']) && $AUTH[$toPolicy]['shadowWarning'] != '') $info['shadowWarning'] = array($AUTH[$toPolicy]['shadowWarning']); - if (isset($AUTH[$toPolicy]['shadowInactive']) && $AUTH[$toPolicy]['shadowInactive'] != '') $info['shadowInactive'] = array($AUTH[$toPolicy]['shadowInactive']); - if (isset($AUTH[$toPolicy]['shadowExpire']) && $AUTH[$toPolicy]['shadowWxpire'] != '') $info['shadowExpire'] = array($AUTH[$toPolicy]['shadowExpire']); - - // A szokásos attribútumok - $Name = explode(' ',$userCn); - $Dn = ldap_explode_dn($AUTH[$toPolicy]['ldapBaseDn'], 1); unset($Dn['count']); - $info['userPrincipalName'] = array( $userAccount.'@'.implode('.', $Dn)); - $info['msSFU30Name'] = $info['sAMAccountName'] = $info['cn'] = array($userAccount); - $info['displayName'] = array($userCn); - $info['sn'] = array($Name[0]); - $info['givenName'] = array($Name[ count($Name)-1 ]); - $info['unixUserPassword'] = array('ABCD!efgh12345$67890'); - $info['unixHomeDirectory'] = array(ekezettelen("/home/$userAccount")); - $info['loginShell'] = array('/bin/bash'); - $info['objectClass'] = array($AUTH[$toPolicy]['ldapUserObjectClass'], 'user'); - - $policyAccountAttrs = $SET['policyAttrs']; - if (isset($policyAccountAttrs['studyId'])) $info[ $AUTH[$toPolicy]['ldapStudyIdAttr'] ] = array($policyAccountAttrs['studyId']); - foreach ($policyAccountAttrs as $attr => $value) - if ($attr != 'studyId' && isset($accountAttrToLDAP[$attr])) - $info[ $accountAttrToLDAP[$attr] ] = array($value); - - if 
(isset($SET['container'])) $dn = "CN=$userAccount,".$SET['container']; - else $dn = "CN=$userAccount,CN=Users,".$AUTH[$toPolicy]['ldapBaseDn']; - - // user felvétel - $_r1 = @ldap_add($ds,$dn,$info); - if (!$_r1) { - $_SESSION['alert'][] = 'message:ldap_error:Add user:'.ldap_error($ds); - //echo $dn.'
'; var_dump($info); echo '
'; - return false; - } - - // Jelszó beállítás - if (!changePassword($userAccount, $userPassword, $toPolicy)) $_SESSION['alert'][] = 'message:ldap_error:changePassword failed:'.$userAccount; - - // Engedélyezés - $einfo = array('userAccountControl' => array(512)); /* Normal account = 512 */ - $_r1 = @ldap_mod_replace($ds,$dn,$einfo); - if (!$_r1) { - $_SESSION['alert'][] = 'message:ldap_error:Enable user:'.ldap_error($ds); - //echo $dn.'
'; var_dump($info); echo '
'; - return false; - } - - // Kategória csoportba és egyéb csoportokba rakás - if (isset($SET['category'])) { - if (is_array($SET['groups'])) array_unshift($SET['groups'], $SET['category']); - else $SET['groups'] = array($SET['category']); - - $ginfo['member'] = $dn; - - for ($i = 0; $i < count($SET['groups']); $i++) { - $groupDn = LDAPgroupCnToDn($SET['groups'][$i], $toPolicy); - if ($groupDn !== false) { - $_r3 = @ldap_mod_add($ds, $groupDn, $ginfo); - if (!$_r3) { - $_SESSION['alert'][] = 'message:ldap_error:Add to group '.$SET['groups'][$i].':'.ldap_error($ds); - //echo $SET['groups'][$i].'
'; var_dump($ginfo); echo '
'; - } - } - } - } - - ldap_close($ds); - - if (defined('_DATADIR') - && isset($AUTH[$toPolicy]['createAccountScript']) - && file_exists(_DATADIR) - ) { - $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['createAccountScript'],'a+'); - if ($sfp) { - fwrite($sfp,"\n# $userAccount létrehozása: userAccount uidNumber homeDirectory\n"); - fwrite($sfp,"createAccount.sh '$userAccount' '".$info['uidNumber'][0]."' '".$info['unixHomeDirectory'][0]."'\n"); - fclose($sfp); - } - } - $_SESSION['alert'][] = 'info:create_uid_success:'.$dn; - return true; - - } - -?> diff --git a/mayor-orig/www/include/backend/ldapng/session/createGroup.php b/mayor-orig/www/include/backend/ldapng/session/createGroup.php deleted file mode 100644 index 78def54d..00000000 --- a/mayor-orig/www/include/backend/ldapng/session/createGroup.php +++ /dev/null 
@@ -1,82 +0,0 @@ - ldap backend - ellenőrzés! - if ($AUTH[$toPolicy]['backend'] != 'ldapng') { - $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend']; - return false; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $info = $ginfo = Array(); - - // cn ütközés ellenőrzése - $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(cn=$groupCn))"; - $justthese = array('cn'); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese); - $ginfo = ldap_get_entries($ds, $sr); - $gCount = $ginfo['count']; - ldap_free_result($sr); - if ($gCount > 0) { - $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn; - return false; - } - - // Az következő gidNumber megállapítása - $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(gidNumber=*))"; - $justthese = array('gidNumber', 'msSFU30GidNumber'); - $sr = ldap_search($ds,$AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese); - ldap_sort($ds, $sr, 'gidNumber'); - $ginfo = ldap_get_entries($ds, $sr); - ldap_free_result($sr); - if (isset($ginfo['count']) && $ginfo['count'] > 0) $info['gidNumber'] = array($ginfo[ $ginfo['count']-1 ]['gidnumber'][0]+1); - else $info['gidNumber'] = array(1001); - - // A szokásos attribútumok - $info['sAMAccountName'] = $info['cn'] = array($groupCn); - $info['description'] = array($groupDesc); - - // A kategória függő attribútumok - if (isset($SET['container'])) $dn = "CN=$groupCn,".$SET['container']; - else $dn = "CN=$groupCn,OU=$category,".$AUTH[$toPolicy]['ldapBaseDn']; - - // objectum osztályok - $info['objectClass'] = array($AUTH[$toPolicy]['ldapGroupObjectClass']); - - // csoport felvétel - $_r1 = 
ldap_add($ds,$dn,$info); - if (!$_r1) { - printf("LDAP-Error: %s
\n", ldap_error($ds)); - var_dump($info); - } - - ldap_close($ds); - - $_SESSION['alert'][] = 'info:create_group_success:'.$dn; - return true; - - } - -?> diff --git a/mayor-orig/www/include/backend/ldapng/session/search/searchAccount.php b/mayor-orig/www/include/backend/ldapng/session/search/searchAccount.php deleted file mode 100644 index 74d285e6..00000000 --- a/mayor-orig/www/include/backend/ldapng/session/search/searchAccount.php +++ /dev/null 
@@ -1,271 +0,0 @@ - mayor schema konverzió - for ($i = 0; $i < $result['count']; $i++) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - $result[$i]['dn'] = $return[$i]['userAccount'] = array('count' => 1, 0 => $result[$i]['dn']); - for ($j = 0; $j < count($searchAttrs); $j++) { - $a = $searchAttrs[$j]; - if (isset($result[$i][ kisbetus($accountAttrToLDAP[$a]) ])) { - if ($accountAttrToLDAP[$a] != '') $return[$i][$a] = $result[$i][ kisbetus($accountAttrToLDAP[$a]) ]; - else $return[$i][$a] = $result[$i][$a]; - } else { - $return[$i][$a] = array('count' => 0) ; - } - } - $return[$i]['category'] = getAccountCategories($return[$i]['userAccount'][0], $toPolicy); - $return[$i]['category']['count'] = count($return[$i]['category']); - } - $return['count'] = $result['count']; - - return $return; - - } - - } - -###################################################### -# ldapSearchGroup - csoport kereső függvény -###################################################### - - function ldapngSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = _POLICY) { - - global $groupAttrToLDAP, $AUTH; - - // A keresendő attribútum konvertálása LDAP attribútummá - if ($groupAttrToLDAP[ $attr ] != '') $attrLDAP = $groupAttrToLDAP[ $attr ]; - else $attrLDAP = $attr; - if ($attrLDAP == 'dn') $attrLDAP = 'cn'; // dn-re nem megy a keresés!! 
- - // A lekérendő adtibútumok konvertálása LDAP attribútummá - for ($i = 0; $i < count($searchAttrs); $i++) { - if ($groupAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $groupAttrToLDAP[ $searchAttrs[$i] ]; - else $searchAttrsLDAP[$i] = $searchAttrs[$i]; - } - - $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass='.$AUTH[$toPolicy]['ldapGroupObjectClass'].')', $toPolicy); - if ($result === false) { - return false; - } else { - - // LDAP schema --> mayor schema konverzió - for ($i = 0; $i < $result['count']; $i++) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - $result[$i]['dn'] = $return[$i]['groupCn'] = array('count' => 1, 0 => $result[$i]['dn']); - for ($j = 0; $j < count($searchAttrs); $j++) { - $a = $searchAttrs[$j]; - if (!isset($groupAttrToLDAP[$a]) || $groupAttrToLDAP[$a] != '') { - if (isset($result[$i][ $groupAttrToLDAP[$a] ])) $return[$i][$a] = $result[$i][ $groupAttrToLDAP[$a] ]; - else $return[$i][$a] = ''; - } else { - $return[$i][$a] = $result[$i][$a]; - } - } - } - $return['count'] = $result['count']; - - return $return; - - } - - } - -###################################################### -# ldapDeleteAccount - account törlése -###################################################### - - function ldapngDeleteAccount($userAccount, $toPolicy = _POLICY) { - - global $AUTH; - - // $toPolicy --> ldapng backend - ellenőrzés - if ($AUTH[$toPolicy]['backend'] != 'ldapng') { - $_SESSION['alert'][] = 'page:wrong_backend:ldapng!='.$AUTH[$toPolicy]['backend']; - return false; - } - - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - if ($userDn === false) return false; - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - 
ldap_close($ds); - return false; - } - - // Az uidNumber, a unixHomeDirectory lekerdezése - $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapUserObjectClass'].")(!(objectclass=computer)))"; - $justthese = array('uidNumber','unixHomedirectory'); - $sr = @ldap_search($ds,$userDn,$filter,$justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn; - ldap_close($ds); - return false; - } ; - - $info = @ldap_get_entries($ds,$sr); - $uidNumber = $info[0]['uidnumber'][0]; - $homeDirectory = $info[0]['unixhomedirectory'][0]; - $uid=$userAccount; - - // user törlése - if (!@ldap_delete($ds,$userDn)) { - $_SESSION['alert'][] = 'message:ldap_delete_failure:user:'.$userAccount; - } - - ldap_close($ds); - - /* - Ha van megadva deleteAccountScript paraméter, akkor abba bejegyzi a törölt felhasználó adatait. - A meghívott deleteAccount.sh nincs definiálva, testreszabható, megkötés egyedül a paraméter - lista: userAccount, uidNumber, homeDirectory - */ - if (defined('_DATADIR') - && isset($AUTH[$toPolicy]['deleteAccountScript']) - && file_exists(_DATADIR) - ) { - $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['deleteAccountScript'],'a+'); - if ($sfp) { - fwrite($sfp,"\n# $userAccount törlése: userAccount uidNumber homeDirectory\n"); - fwrite($sfp,"deleteAccount.sh '$userAccount' '$uidNumber' '$homeDirectory'\n"); - fclose($sfp); - } - } - - $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn; - return true; - - } - -###################################################### -# ldapDeleteGroup - account törlése -###################################################### - - function ldapngDeleteGroup($groupCn, $toPolicy = _POLICY) { - - global $AUTH; - - // $toPolicy --> ldapng backend - ellenőrzés - if ($AUTH[$toPolicy]['backend'] != 'ldapng') { - $_SESSION['alert'][] = 'page:wrong_backend:ldapng!='.$AUTH[$toPolicy]['backend']; - return false; - } - - $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy); - if ($groupDn === false) return false; - - // 
Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - if (!@ldap_delete($ds, $groupDn)) { - $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupCn; - } - - ldap_close($ds); - - $_SESSION['alert'][] = 'info:delete_group_success:'.$groupCn; - return true; - - } - - -?> -- cgit v1.2.3