Finished changes in installer to support LDAP Auth setup

Andre Lorbach 2012-03-16 10:47:19 +01:00
parent 4e57e15701
commit 1b12e92868
5 changed files with 157 additions and 40 deletions


@ -400,6 +400,12 @@ if ( !isset($_POST['op']) && !isset($_GET['op']) )
{
// Default Mode = List Users
$content['LISTUSERS'] = "true";
// Set AddUsers TAB!
if ( $content['UserDBAuthMode'] == USERDB_AUTH_LDAP )
$content["ALLOWADDUSERS"] = "false";
else
$content["ALLOWADDUSERS"] = "true";
// Read all Serverentries
$sqlquery = "SELECT ID, " .
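Review bot: Setting `ALLOWADDUSERS` to "false" only hides the Add User link in the list template; nothing in this hunk rejects a direct request to `users.php?op=add` when `UserDBAuthMode` is `USERDB_AUTH_LDAP`. The `op` handlers lie outside the hunk, so the add branch may already check the mode, but if it does not, the same `USERDB_AUTH_LDAP` test belongs at the start of that branch so that local accounts cannot be created next to the directory. At minimum I would record the limitation here with `// UI hint only: op=add must also be refused server-side in LDAP mode`. As a style point, the unbraced if/else reads more safely as `$content["ALLOWADDUSERS"] = ( $content['UserDBAuthMode'] == USERDB_AUTH_LDAP ) ? "false" : "true";`.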


@ -286,23 +286,61 @@ function CheckUserLogin( $username, $password )
}
}
function DoLDAPConnect()
{
global $content;
// Open LDAP connection
if (!($ldapConn=@ldap_connect($content['LDAPServer'],$content['LDAPPort'])))
return false;
ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);
// reached this point means success!
return $ldapConn;
}
function DoLDAPBind($ldapConn)
{
global $content;
// Bind as the privilegied user
return ldap_bind($ldapConn, $content['LDAPBindDN'], $content['LDAPBindPassword']);
}
function CheckLDAPUserLogin( $username, $password )
{
global $content;
// Create LDAP Searchfilter
$ldap_filter='(&'.$content['LDAPSearchFilter'].'('.$content['LDAPUidAttribute'].'='.$username.'))';
// Open LDAP connection
if (!($ldapConn=@ldap_connect($content['LDAPServer'],$content['LDAPPort'])))
return false;
ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);
// Bind as the privilegied user
if (!($r = ldap_bind($ldapConn, $content['LDAPBindDN'], $content['LDAPBindPassword'])))
// Get LDAP Connection
$ldapConn = DoLDAPConnect();
if ( $ldapConn )
{
if ( !DoLDAPBind($ldapConn) )
{
if ( GetConfigSetting("DebugUserLogin", 0) == 1 )
{
// Die with error
DebugLDAPErrorAndDie( GetAndReplaceLangStr($content['LN_LOGIN_LDAP_USERBINDFAILED'], $content['LDAPBindDN'], ldap_err2str(ldap_errno($ldapConn))), $ldap_filter );
}
return false;
}
}
else
{
if ( GetConfigSetting("DebugUserLogin", 0) == 1 )
{
// Die with error
DebugLDAPErrorAndDie( GetAndReplaceLangStr($content['LN_LOGIN_LDAP_SERVERFAILED'], $content['LDAPServer'] . ":" . $content['LDAPPort'], ldap_err2str(ldap_errno($ldapConn))), $ldap_filter );
}
// return false in this case
return false;
}
// Search for the user
if (!($r=@ldap_search( $ldapConn, $content['LDAPBaseDN'], $ldap_filter, array("uid","cn","localentryid","userpassword") )))
@ -374,6 +412,7 @@ function CheckLDAPUserLogin( $username, $password )
$myrowfinal['is_readonly'] = $myrow['is_readonly'];
$myrowfinal['last_login'] = $myrow['last_login'];
return $myrowfinal;
}
/*
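Review bot: In the first hunk of this section, the connect-failure branch of CheckLDAPUserLogin calls `ldap_errno($ldapConn)` although `$ldapConn` is false there, which raises a warning or a TypeError on current PHP instead of producing the intended message. `LN_LOGIN_LDAP_SERVERFAILED` has only a `%1` placeholder, so the extra argument can simply be dropped: `GetAndReplaceLangStr($content['LN_LOGIN_LDAP_SERVERFAILED'], $content['LDAPServer'] . ":" . $content['LDAPPort'])`. The bind-failure branch has the opposite problem: `LN_LOGIN_LDAP_USERBINDFAILED` has no `%2`, so the `ldap_err2str()` text passed there is probably never shown. Two further gaps in `DoLDAPConnect()`: `ldap_connect()` normally only validates its parameters, so an unreachable server surfaces in `DoLDAPBind()` rather than in the connect check, and there is no `ldap_start_tls()` call, so unless `LDAPServer` is an `ldaps://` URI the bind DN password and the users' passwords cross the network in cleartext. CheckLDAPUserLogin continues outside the hunk.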


@ -426,6 +426,33 @@ else if ( $content['INSTALL_STEP'] == 4 )
// If UserDB is disabled, skip next step!
if ( $_SESSION['UserDBEnabled'] == 0 )
ForwardOneStep();
else
{
if ( $_SESSION['UserDBAuthMode'] == USERDB_AUTH_LDAP )
{
// We need the user system now!
ini_set('error_reporting', E_WARNING); // Enable Warnings!
InitUserDbSettings(); // We need some DB Settings
InitUserSystemPhpLogCon();
// LDAP Variables
$content['LDAPServer'] = $_SESSION['LDAPServer'];
$content['LDAPPort'] = $_SESSION['LDAPPort'];
$content['LDAPBindDN'] = $_SESSION['LDAPBindDN'];
$content['LDAPBindPassword'] = $_SESSION['LDAPBindPassword'];
// try LDAP Connect!
$ldapConn = DoLDAPConnect();
if ( $ldapConn )
{
$bBind = DoLDAPBind($ldapConn);
if ( !$bBind )
RevertOneStep( $content['INSTALL_STEP']-1, GetAndReplaceLangStr( $content['LN_LOGIN_LDAP_USERBINDFAILED'], $_SESSION['LDAPBindDN']) );
}
else
RevertOneStep( $content['INSTALL_STEP']-1, GetAndReplaceLangStr( $content['LN_INSTALL_LDAPCONNECTFAILED'], $_SESSION['LDAPServer']) );
}
}
}
else if ( $content['INSTALL_STEP'] == 5 )
{
@ -512,20 +539,25 @@ else if ( $content['INSTALL_STEP'] == 6 )
{
if ( $_SESSION['UserDBEnabled'] == 1 )
{
if ( isset($_SESSION['MAIN_Username']) )
$content['MAIN_Username'] = $_SESSION['MAIN_Username'];
else
$content['MAIN_Username'] = "";
$content['MAIN_Password1'] = "";
$content['MAIN_Password2'] = "";
// Check for Error Msg
if ( isset($_GET['errormsg']) )
if ( $_SESSION['UserDBAuthMode'] == USERDB_AUTH_INTERNAL )
{
$content['iserror'] = "true";
$content['errormsg'] = urldecode( DB_StripSlahes($_GET['errormsg']) );
if ( isset($_SESSION['MAIN_Username']) )
$content['MAIN_Username'] = $_SESSION['MAIN_Username'];
else
$content['MAIN_Username'] = "";
$content['MAIN_Password1'] = "";
$content['MAIN_Password2'] = "";
// Check for Error Msg
if ( isset($_GET['errormsg']) )
{
$content['iserror'] = "true";
$content['errormsg'] = urldecode( DB_StripSlahes($_GET['errormsg']) );
}
}
else // USERDB_AUTH_LDAP does not need this steo!
ForwardOneStep();
}
else // NO Database means NO user management, so next step!
ForwardOneStep();
@ -534,26 +566,35 @@ else if ( $content['INSTALL_STEP'] == 7 )
{
if ( $_SESSION['UserDBEnabled'] == 1 )
{
if ( isset($_POST['username']) )
$_SESSION['MAIN_Username'] = DB_RemoveBadChars($_POST['username']);
else
RevertOneStep( $content['INSTALL_STEP']-1, $content['LN_INSTALL_MISSINGUSERNAME'] );
if ( $_SESSION['UserDBAuthMode'] == USERDB_AUTH_INTERNAL )
{
if ( isset($_POST['username']) )
$_SESSION['MAIN_Username'] = DB_RemoveBadChars($_POST['username']);
else
RevertOneStep( $content['INSTALL_STEP']-1, $content['LN_INSTALL_MISSINGUSERNAME'] );
if ( isset($_POST['password1']) )
$_SESSION['MAIN_Password1'] = DB_RemoveBadChars($_POST['password1']);
else
if ( isset($_POST['password1']) )
$_SESSION['MAIN_Password1'] = DB_RemoveBadChars($_POST['password1']);
else
$_SESSION['MAIN_Password1'] = "";
if ( isset($_POST['password2']) )
$_SESSION['MAIN_Password2'] = DB_RemoveBadChars($_POST['password2']);
else
$_SESSION['MAIN_Password2'] = "";
if (
strlen($_SESSION['MAIN_Password1']) < 4 ||
$_SESSION['MAIN_Password1'] != $_SESSION['MAIN_Password2']
)
RevertOneStep( $content['INSTALL_STEP']-1, $content['LN_INSTALL_PASSWORDNOTMATCH'] );
}
else if ( $_SESSION['UserDBAuthMode'] == USERDB_AUTH_LDAP )
{
$_SESSION['MAIN_Username'] = $_SESSION['LDAPDefaultAdminUser'];
$_SESSION['MAIN_Password1'] = "";
if ( isset($_POST['password2']) )
$_SESSION['MAIN_Password2'] = DB_RemoveBadChars($_POST['password2']);
else
$_SESSION['MAIN_Password2'] = "";
if (
strlen($_SESSION['MAIN_Password1']) < 4 ||
$_SESSION['MAIN_Password1'] != $_SESSION['MAIN_Password2']
)
RevertOneStep( $content['INSTALL_STEP']-1, $content['LN_INSTALL_PASSWORDNOTMATCH'] );
}
// --- Now execute all commands
ini_set('error_reporting', E_WARNING); // Enable Warnings!
@ -709,7 +750,7 @@ else if ( $content['INSTALL_STEP'] == 8 )
// If we reached this point, we have gathered all necessary information to create our configuration file ;)!
$filebuffer = LoadDataFile($configsamplefile);
// Sez helper variables and init user vars if needed!
// Set helper variables and init user vars if needed!
if ( isset($_SESSION['UserDBEnabled']) && $_SESSION['UserDBEnabled'] ) { $_SESSION['UserDBEnabled_value'] = "true"; } else { $_SESSION['UserDBEnabled_value'] = "false"; }
if ( isset($_SESSION['UserDBLoginRequired']) && $_SESSION['UserDBLoginRequired'] ) { $_SESSION['UserDBLoginRequired_value'] = "true"; } else { $_SESSION['UserDBLoginRequired_value'] = "false"; }
if ( !isset($_SESSION['UserDBServer'])) { $_SESSION['UserDBServer'] = "localhost"; }
@ -718,6 +759,16 @@ else if ( $content['INSTALL_STEP'] == 8 )
if ( !isset($_SESSION['UserDBPref'])) { $_SESSION['UserDBPref'] = "logcon_"; }
if ( !isset($_SESSION['UserDBUser'])) { $_SESSION['UserDBUser'] = "root"; }
if ( !isset($_SESSION['UserDBPass'])) { $_SESSION['UserDBPass'] = ""; }
if ( !isset($_SESSION['UserDBAuthMode'])) { $_SESSION['UserDBAuthMode'] = USERDB_AUTH_INTERNAL; }
// LDAP vars
if ( !isset($_SESSION['LDAPServer'])) { $_SESSION['LDAPServer'] = "127.0.0.1"; }
if ( !isset($_SESSION['LDAPPort'])) { $_SESSION['LDAPPort'] = "389"; }
if ( !isset($_SESSION['LDAPBaseDN'])) { $_SESSION['LDAPBaseDN'] = "CN=Users,DC=domain,DC=local"; }
if ( !isset($_SESSION['LDAPSearchFilter'])) { $_SESSION['LDAPSearchFilter'] = "(objectClass=user)"; }
if ( !isset($_SESSION['LDAPUidAttribute'])) { $_SESSION['LDAPUidAttribute'] = "sAMAccountName"; }
if ( !isset($_SESSION['LDAPBindDN'])) { $_SESSION['LDAPBindDN'] = "CN=Searchuser,CN=Users,DC=domain,DC=local"; }
if ( !isset($_SESSION['LDAPBindPassword'])) { $_SESSION['LDAPBindPassword'] = "Password"; }
// Start replacing existing sample configurations
$patterns[] = "/\\\$CFG\['ViewMessageCharacterLimit'\] = [0-9]{1,2};/";
@ -733,6 +784,14 @@ else if ( $content['INSTALL_STEP'] == 8 )
$patterns[] = "/\\\$CFG\['UserDBUser'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['UserDBPass'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['UserDBLoginRequired'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['UserDBAuthMode'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['LDAPServer'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['LDAPPort'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['LDAPBaseDN'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['LDAPSearchFilter'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['LDAPUidAttribute'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['LDAPBindDN'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['LDAPBindPassword'\] = (.*?);/";
$replacements[] = "\$CFG['ViewMessageCharacterLimit'] = " . $_SESSION['ViewMessageCharacterLimit'] . ";";
$replacements[] = "\$CFG['ViewStringCharacterLimit'] = " . $_SESSION['ViewStringCharacterLimit'] . ";";
@ -747,6 +806,14 @@ else if ( $content['INSTALL_STEP'] == 8 )
$replacements[] = "\$CFG['UserDBUser'] = '" . $_SESSION['UserDBUser'] . "';";
$replacements[] = "\$CFG['UserDBPass'] = '" . $_SESSION['UserDBPass'] . "';";
$replacements[] = "\$CFG['UserDBLoginRequired'] = " . $_SESSION['UserDBLoginRequired_value'] . ";";
$replacements[] = "\$CFG['UserDBAuthMode'] = " . $_SESSION['UserDBAuthMode'] . ";";
$replacements[] = "\$CFG['LDAPServer'] = '" . $_SESSION['LDAPServer'] . "';";
$replacements[] = "\$CFG['LDAPPort'] = " . $_SESSION['LDAPPort'] . ";";
$replacements[] = "\$CFG['LDAPBaseDN'] = '" . $_SESSION['LDAPBaseDN'] . "';";
$replacements[] = "\$CFG['LDAPSearchFilter'] = '" . $_SESSION['LDAPSearchFilter'] . "';";
$replacements[] = "\$CFG['LDAPUidAttribute'] = '" . $_SESSION['LDAPUidAttribute'] . "';";
$replacements[] = "\$CFG['LDAPBindDN'] = '" . $_SESSION['LDAPBindDN'] . "';";
$replacements[] = "\$CFG['LDAPBindPassword'] = '" . $_SESSION['LDAPBindPassword'] . "';";
//User Database Options
if ( isset($_SESSION['UserDBEnabled']) && $_SESSION['UserDBEnabled'] )
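Review bot: The new `$replacements[]` lines for the LDAP settings write session values straight into PHP source: the string settings are placed between single quotes with no escaping, and `LDAPPort` and `UserDBAuthMode` are emitted unquoted. Where these `$_SESSION` values are filled is outside this section, so unless they are strictly validated there, a quote or backslash in the bind password or base DN produces a broken config file or lets installer input end up as executable PHP in it. I would cast the numeric settings and let PHP produce the string literals, for example `"\$CFG['LDAPPort'] = " . (int)$_SESSION['LDAPPort'] . ";"` and `"\$CFG['LDAPBindPassword'] = " . var_export($_SESSION['LDAPBindPassword'], true) . ";"`. If these arrays are fed to `preg_replace()`, which is not visible here, `$` and `\` in the values also need escaping, because they are read as backreferences in the replacement string. The existing `UserDBUser` and `UserDBPass` lines follow the same pattern and deserve the same treatment.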


@ -240,6 +240,8 @@ $content['LN_LOGIN_USERPASSMISSING'] = "Username or password not given";
$content['LN_LOGIN_LDAP_USERNOTFOUND'] = "User '%1' could not be found";
$content['LN_LOGIN_LDAP_USERCOULDNOTLOGIN'] = "Could not login user '%1', LDAP error: %2";
$content['LN_LOGIN_LDAP_PASSWORDFAIL'] = "User '%1' could not login with the given password";
$content['LN_LOGIN_LDAP_SERVERFAILED'] = "Failed to connect to LDAP Server '%1'";
$content['LN_LOGIN_LDAP_USERBINDFAILED'] = "Could not bind with the Search user DN '%1'";
// Install Site
@ -294,6 +296,7 @@ $content['LN_INSTALL_PASSWORDREPEAT'] = "Repeat Password";
$content['LN_INSTALL_SUCCESSCREATED'] = "Successfully created User";
$content['LN_INSTALL_RECHECK'] = "ReCheck";
$content['LN_INSTALL_FINISH'] = "Finish!";
$content['LN_INSTALL_LDAPCONNECTFAILED'] = "Failed to connect to your LDAP Server '%1'.";
$content['LN_INSTALL_'] = "";
// Converter Site


@ -42,9 +42,11 @@
</td>
</tr>
<!-- END USERS -->
<!-- IF ALLOWADDUSERS="true" -->
<tr>
<td align="center" colspan="5" class="line0"><b><a href="{BASEPATH}admin/users.php?op=add"><img src="{MENU_ADDUSER}" title="{LN_USER_ADD}">&nbsp;{LN_USER_ADD}</a></b></td>
</tr>
<!-- ENDIF ALLOWADDUSERS="true" -->
</table>
<!-- ENDIF LISTUSERS="true" -->