tyler.durden/loganalyzer
1
0
Fork 0
mirror of https://github.com/rsyslog/loganalyzer.git synced 2025-09-26 03:09:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Started implementing LDAP Auth support

Browse Source
This commit is contained in:
Andre Lorbach 2012-01-26 15:19:23 +01:00
parent 77fb05bdb5
commit 150bc74d36
2 changed files with 107 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/include/config.sample.php
View File

@ -54,6 +54,16 @@ $CFG['UserDBPref'] = "";
$CFG['UserDBUser'] = ""; $CFG['UserDBUser'] = "";
$CFG['UserDBPass'] = ""; $CFG['UserDBPass'] = "";
$CFG['UserDBLoginRequired'] = false; $CFG['UserDBLoginRequired'] = false;
// LDAP auth options
$CFG['LDAPUserLoginRequired'] = false; // activate LDAP auth
$CFG['LDAPServer'] = "localhost"; // LDAP server hostname or IP
$CFG['LDAPPort'] = 389; // LDAP port, 389 or 636 for SSL
$CFG['LDAPBaseDN'] = "ou=my,o=ldap"; // Base DN for LDAP search
$CFG['LDAPSearchFilter'] = "(objectclass=inetOrgPerson)"; // search filter
$CFG['LDAPUidAttribute'] = "uid"; // the LDAP attribute used in the search to find the user. ex : uid, cn
$CFG['LDAPBindDN'] = "cn=Manager,ou=my,o=ldap"; // DN of the privileged user for the search
$CFG['LDAPBindPassword'] = 'secret'; // Password of the privilegied user
$CFG['LDAPGroupAttribute'] = 'member'; // attribute used to search for groups
// --- // ---
// --- Misc Options // --- Misc Options

102
src/include/functions_users.php
View File

@ -161,12 +161,20 @@ function CheckUserLogin( $username, $password )
{ {
global $content; global $content;
// TODO: SessionTime and AccessLevel check // Check if LDAP Auth has to be used!
if ( GetConfigSetting("LDAPUserLoginRequired", "") == "true")
$md5pass = md5($password); {
$sqlquery = "SELECT * FROM " . DB_USERS . " WHERE username = '" . $username . "' and password = '" . $md5pass . "'"; // perform user auth using LDAP, will add user record to loganalyzer DB if necessary
$result = DB_Query($sqlquery); $myrow = CheckLDAPUserLogin( $username, $password );
$myrow = DB_GetSingleRow($result, true); }
else // Normal MYSQL Login!
{
// TODO: SessionTime and AccessLevel check
$md5pass = md5($password);
$sqlquery = "SELECT * FROM " . DB_USERS . " WHERE username = '" . $username . "' and password = '" . $md5pass . "'";
$result = DB_Query($sqlquery);
$myrow = DB_GetSingleRow($result, true);
}
// The admin field must be set! // The admin field must be set!
if ( isset($myrow['is_admin']) ) if ( isset($myrow['is_admin']) )
@ -261,6 +269,13 @@ function CheckUserLogin( $username, $password )
} }
else else
{ {
/*
if (isset($myrow) && is_numeric($myrow) )
{
//return error code!
return $myrow;
}
*/
if ( GetConfigSetting("DebugUserLogin", 0) == 1 ) if ( GetConfigSetting("DebugUserLogin", 0) == 1 )
DieWithFriendlyErrorMsg( "Debug Error: Could not login user '" . $username . "' <br><br><B>Sessionarray</B> <pre>" . var_export($_SESSION, true) . "</pre><br><B>SQL Statement</B>: " . $sqlselect ); DieWithFriendlyErrorMsg( "Debug Error: Could not login user '" . $username . "' <br><br><B>Sessionarray</B> <pre>" . var_export($_SESSION, true) . "</pre><br><B>SQL Statement</B>: " . $sqlselect );
@ -269,6 +284,81 @@ function CheckUserLogin( $username, $password )
} }
} }
function CheckLDAPUserLogin( $username, $password )
{
global $content;
$ldap_filter='('.$content['LDAPSearchFilter'].'('.$content['LDAPUidAttribute'].'="'.$username.'"))';
// Open LDAP connection
if (!($ds=ldap_connect($content['LDAPServer'],$content['LDAPPort'])))
return false;
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
// Bind as the privilegied user
if (!($r = ldap_bind($ds, $content['LDAPBindDN'], $content['LDAPBindPassword'])))
return false;
// search for the user
if (!($r=ldap_search( $ds, $content['LDAPBaseDN'], $ldap_filter, array("uid","cn","localentryid","userpassword") )))
{
DieWithFriendlyErrorMsg( "Debug Error: Could not login user '" . $username . "'
<strong>Sessionarray</strong>
<pre>" . var_export($_SESSION, true) . "</pre>
<strong>Search Filter </strong>: " . $ldap_filter );
// return not really needed here
return false;
}
$info = ldap_get_entries($ds, $r);
if (!$info || $info["count"] != 1)
{
DieWithFriendlyErrorMsg( "Debug Error: Could not login user '" . $username . "'
<strong>Sessionarray</strong>
<pre>" . var_export($_SESSION, true) . "</pre>
<strong>Search Filter </strong>: " . $ldap_filter );
// return not really needed here
return false;
}
// now we have the user data. Do a bind to check for his password
if (!($r=ldap_bind( $ds, $info[0]['dn'],$password)))
return false;
// for the moment when a user logs in from LDAP, create it in the DB.
// then the prefs and group management is done in the DB and we don't rewrite the whole Loganalyzer code…
// check if the user already exist
$sqlquery = "SELECT * FROM " . DB_USERS . " WHERE username = '" . $username . "'";
$result = DB_Query($sqlquery);
$myrow = DB_GetSingleRow($result, true);
if (!isset($myrow['is_admin']) )
{
// Create User
$result = DB_Query("INSERT INTO " . DB_USERS . " (id, username, password, is_admin, is_readonly) VALUES (".$info[0]['localentryid'][0].", '$username', rnd".md5(mt_rand()."rnd")."', 0, 1)");
DB_FreeQuery($result);
$myrow['is_admin'] = 0;
$myrow['last_login'] = 0;
$myrow['is_readonly'] = 1;
}
$myrowfinal['username'] = $info[0][$content['LDAPUidAttribute']][0];
$myrowfinal['password'] = "hidden";
$myrowfinal['dn'] = $info[0]['dn'];
$myrowfinal['ID'] = $info[0]['localentryid'][0];
$myrowfinal['is_admin'] = $myrow['is_admin'];
$myrowfinal['is_readonly'] = $myrow['is_readonly'];
$myrowfinal['last_login'] = $myrow['last_login'];
return $myrowfinal;
}
function DoLogOff() function DoLogOff()
{ {
global $content; global $content;