Finished changes in installer to support LDAP Auth setup

Andre Lorbach 2012-03-16 10:47:19 +01:00
parent 4e57e15701
commit 1b12e92868
5 changed files with 157 additions and 40 deletions


@ -400,6 +400,12 @@ if ( !isset($_POST['op']) && !isset($_GET['op']) )
{ {
// Default Mode = List Users // Default Mode = List Users
$content['LISTUSERS'] = "true"; $content['LISTUSERS'] = "true";
// Set AddUsers TAB!
if ( $content['UserDBAuthMode'] == USERDB_AUTH_LDAP )
$content["ALLOWADDUSERS"] = "false";
else
$content["ALLOWADDUSERS"] = "true";
// Read all Serverentries // Read all Serverentries
$sqlquery = "SELECT ID, " . $sqlquery = "SELECT ID, " .
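Review bot: Setting `$content["ALLOWADDUSERS"]` to "false" only hides the add-user link in the template (the `<!-- IF ALLOWADDUSERS="true" -->` block in the users template changed by this commit); nothing in this hunk rejects a direct request to `users.php?op=add` while `UserDBAuthMode` is `USERDB_AUTH_LDAP`. The flag is also set only in the branch where no `op` is given. If local accounts must not be created in LDAP mode, the `op=add` handler, which is outside this hunk, should repeat the check on the server side, for example `if ( $content['UserDBAuthMode'] == USERDB_AUTH_LDAP ) { /* refuse op=add with an error */ }`. The new lines would also benefit from the comment `// UI hint only: op=add must enforce the LDAP restriction itself`.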


@ -286,23 +286,61 @@ function CheckUserLogin( $username, $password )
} }
} }
function DoLDAPConnect()
{
global $content;
// Open LDAP connection
if (!($ldapConn=@ldap_connect($content['LDAPServer'],$content['LDAPPort'])))
return false;
ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);
// reached this point means success!
return $ldapConn;
}
function DoLDAPBind($ldapConn)
{
global $content;
// Bind as the privilegied user
return ldap_bind($ldapConn, $content['LDAPBindDN'], $content['LDAPBindPassword']);
}
function CheckLDAPUserLogin( $username, $password ) function CheckLDAPUserLogin( $username, $password )
{ {
global $content; global $content;
// Create LDAP Searchfilter // Create LDAP Searchfilter
$ldap_filter='(&'.$content['LDAPSearchFilter'].'('.$content['LDAPUidAttribute'].'='.$username.'))'; $ldap_filter='(&'.$content['LDAPSearchFilter'].'('.$content['LDAPUidAttribute'].'='.$username.'))';
// Open LDAP connection // Get LDAP Connection
if (!($ldapConn=@ldap_connect($content['LDAPServer'],$content['LDAPPort']))) $ldapConn = DoLDAPConnect();
return false; if ( $ldapConn )
{
ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3); if ( !DoLDAPBind($ldapConn) )
{
// Bind as the privilegied user if ( GetConfigSetting("DebugUserLogin", 0) == 1 )
if (!($r = ldap_bind($ldapConn, $content['LDAPBindDN'], $content['LDAPBindPassword']))) {
// Die with error
DebugLDAPErrorAndDie( GetAndReplaceLangStr($content['LN_LOGIN_LDAP_USERBINDFAILED'], $content['LDAPBindDN'], ldap_err2str(ldap_errno($ldapConn))), $ldap_filter );
}
return false;
}
}
else
{
if ( GetConfigSetting("DebugUserLogin", 0) == 1 )
{
// Die with error
DebugLDAPErrorAndDie( GetAndReplaceLangStr($content['LN_LOGIN_LDAP_SERVERFAILED'], $content['LDAPServer'] . ":" . $content['LDAPPort'], ldap_err2str(ldap_errno($ldapConn))), $ldap_filter );
}
// return false in this case
return false; return false;
}
// Search for the user // Search for the user
if (!($r=@ldap_search( $ldapConn, $content['LDAPBaseDN'], $ldap_filter, array("uid","cn","localentryid","userpassword") ))) if (!($r=@ldap_search( $ldapConn, $content['LDAPBaseDN'], $ldap_filter, array("uid","cn","localentryid","userpassword") )))
@ -374,6 +412,7 @@ function CheckLDAPUserLogin( $username, $password )
$myrowfinal['is_readonly'] = $myrow['is_readonly']; $myrowfinal['is_readonly'] = $myrow['is_readonly'];
$myrowfinal['last_login'] = $myrow['last_login']; $myrowfinal['last_login'] = $myrow['last_login'];
return $myrowfinal; return $myrowfinal;
} }
/* /*
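Review bot: `$username` is still concatenated unescaped into `$ldap_filter` at the top of CheckLDAPUserLogin, so filter metacharacters such as `*`, `(` or `)` in the login name change the search that selects the account, unless a caller already strips them (not visible here). Escape it when building the filter, e.g. `'=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . '))'` (PHP 5.6+, or an equivalent helper on older versions). In the new connect-failure branch, `ldap_errno($ldapConn)` is called while `$ldapConn` is false, which is not a valid link handle; that argument should be dropped from the `LN_LOGIN_LDAP_SERVERFAILED` message. DoLDAPConnect also never calls `ldap_start_tls()`, so DoLDAPBind sends `LDAPBindPassword` in cleartext unless `LDAPServer` is configured as an `ldaps://` URI. The body of CheckLDAPUserLogin continues outside the hunk.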


@ -426,6 +426,33 @@ else if ( $content['INSTALL_STEP'] == 4 )
// If UserDB is disabled, skip next step! // If UserDB is disabled, skip next step!
if ( $_SESSION['UserDBEnabled'] == 0 ) if ( $_SESSION['UserDBEnabled'] == 0 )
ForwardOneStep(); ForwardOneStep();
else
{
if ( $_SESSION['UserDBAuthMode'] == USERDB_AUTH_LDAP )
{
// We need the user system now!
ini_set('error_reporting', E_WARNING); // Enable Warnings!
InitUserDbSettings(); // We need some DB Settings
InitUserSystemPhpLogCon();
// LDAP Variables
$content['LDAPServer'] = $_SESSION['LDAPServer'];
$content['LDAPPort'] = $_SESSION['LDAPPort'];
$content['LDAPBindDN'] = $_SESSION['LDAPBindDN'];
$content['LDAPBindPassword'] = $_SESSION['LDAPBindPassword'];
// try LDAP Connect!
$ldapConn = DoLDAPConnect();
if ( $ldapConn )
{
$bBind = DoLDAPBind($ldapConn);
if ( !$bBind )
RevertOneStep( $content['INSTALL_STEP']-1, GetAndReplaceLangStr( $content['LN_LOGIN_LDAP_USERBINDFAILED'], $_SESSION['LDAPBindDN']) );
}
else
RevertOneStep( $content['INSTALL_STEP']-1, GetAndReplaceLangStr( $content['LN_INSTALL_LDAPCONNECTFAILED'], $_SESSION['LDAPServer']) );
}
}
} }
else if ( $content['INSTALL_STEP'] == 5 ) else if ( $content['INSTALL_STEP'] == 5 )
{ {
@ -512,20 +539,25 @@ else if ( $content['INSTALL_STEP'] == 6 )
{ {
if ( $_SESSION['UserDBEnabled'] == 1 ) if ( $_SESSION['UserDBEnabled'] == 1 )
{ {
if ( isset($_SESSION['MAIN_Username']) ) if ( $_SESSION['UserDBAuthMode'] == USERDB_AUTH_INTERNAL )
$content['MAIN_Username'] = $_SESSION['MAIN_Username'];
else
$content['MAIN_Username'] = "";
$content['MAIN_Password1'] = "";
$content['MAIN_Password2'] = "";
// Check for Error Msg
if ( isset($_GET['errormsg']) )
{ {
$content['iserror'] = "true"; if ( isset($_SESSION['MAIN_Username']) )
$content['errormsg'] = urldecode( DB_StripSlahes($_GET['errormsg']) ); $content['MAIN_Username'] = $_SESSION['MAIN_Username'];
else
$content['MAIN_Username'] = "";
$content['MAIN_Password1'] = "";
$content['MAIN_Password2'] = "";
// Check for Error Msg
if ( isset($_GET['errormsg']) )
{
$content['iserror'] = "true";
$content['errormsg'] = urldecode( DB_StripSlahes($_GET['errormsg']) );
}
} }
else // USERDB_AUTH_LDAP does not need this steo!
ForwardOneStep();
} }
else // NO Database means NO user management, so next step! else // NO Database means NO user management, so next step!
ForwardOneStep(); ForwardOneStep();
@ -534,26 +566,35 @@ else if ( $content['INSTALL_STEP'] == 7 )
{ {
if ( $_SESSION['UserDBEnabled'] == 1 ) if ( $_SESSION['UserDBEnabled'] == 1 )
{ {
if ( isset($_POST['username']) ) if ( $_SESSION['UserDBAuthMode'] == USERDB_AUTH_INTERNAL )
$_SESSION['MAIN_Username'] = DB_RemoveBadChars($_POST['username']); {
else if ( isset($_POST['username']) )
RevertOneStep( $content['INSTALL_STEP']-1, $content['LN_INSTALL_MISSINGUSERNAME'] ); $_SESSION['MAIN_Username'] = DB_RemoveBadChars($_POST['username']);
else
RevertOneStep( $content['INSTALL_STEP']-1, $content['LN_INSTALL_MISSINGUSERNAME'] );
if ( isset($_POST['password1']) ) if ( isset($_POST['password1']) )
$_SESSION['MAIN_Password1'] = DB_RemoveBadChars($_POST['password1']); $_SESSION['MAIN_Password1'] = DB_RemoveBadChars($_POST['password1']);
else else
$_SESSION['MAIN_Password1'] = "";
if ( isset($_POST['password2']) )
$_SESSION['MAIN_Password2'] = DB_RemoveBadChars($_POST['password2']);
else
$_SESSION['MAIN_Password2'] = "";
if (
strlen($_SESSION['MAIN_Password1']) < 4 ||
$_SESSION['MAIN_Password1'] != $_SESSION['MAIN_Password2']
)
RevertOneStep( $content['INSTALL_STEP']-1, $content['LN_INSTALL_PASSWORDNOTMATCH'] );
}
else if ( $_SESSION['UserDBAuthMode'] == USERDB_AUTH_LDAP )
{
$_SESSION['MAIN_Username'] = $_SESSION['LDAPDefaultAdminUser'];
$_SESSION['MAIN_Password1'] = ""; $_SESSION['MAIN_Password1'] = "";
if ( isset($_POST['password2']) )
$_SESSION['MAIN_Password2'] = DB_RemoveBadChars($_POST['password2']);
else
$_SESSION['MAIN_Password2'] = ""; $_SESSION['MAIN_Password2'] = "";
}
if (
strlen($_SESSION['MAIN_Password1']) < 4 ||
$_SESSION['MAIN_Password1'] != $_SESSION['MAIN_Password2']
)
RevertOneStep( $content['INSTALL_STEP']-1, $content['LN_INSTALL_PASSWORDNOTMATCH'] );
// --- Now execute all commands // --- Now execute all commands
ini_set('error_reporting', E_WARNING); // Enable Warnings! ini_set('error_reporting', E_WARNING); // Enable Warnings!
@ -709,7 +750,7 @@ else if ( $content['INSTALL_STEP'] == 8 )
// If we reached this point, we have gathered all necessary information to create our configuration file ;)! // If we reached this point, we have gathered all necessary information to create our configuration file ;)!
$filebuffer = LoadDataFile($configsamplefile); $filebuffer = LoadDataFile($configsamplefile);
// Sez helper variables and init user vars if needed! // Set helper variables and init user vars if needed!
if ( isset($_SESSION['UserDBEnabled']) && $_SESSION['UserDBEnabled'] ) { $_SESSION['UserDBEnabled_value'] = "true"; } else { $_SESSION['UserDBEnabled_value'] = "false"; } if ( isset($_SESSION['UserDBEnabled']) && $_SESSION['UserDBEnabled'] ) { $_SESSION['UserDBEnabled_value'] = "true"; } else { $_SESSION['UserDBEnabled_value'] = "false"; }
if ( isset($_SESSION['UserDBLoginRequired']) && $_SESSION['UserDBLoginRequired'] ) { $_SESSION['UserDBLoginRequired_value'] = "true"; } else { $_SESSION['UserDBLoginRequired_value'] = "false"; } if ( isset($_SESSION['UserDBLoginRequired']) && $_SESSION['UserDBLoginRequired'] ) { $_SESSION['UserDBLoginRequired_value'] = "true"; } else { $_SESSION['UserDBLoginRequired_value'] = "false"; }
if ( !isset($_SESSION['UserDBServer'])) { $_SESSION['UserDBServer'] = "localhost"; } if ( !isset($_SESSION['UserDBServer'])) { $_SESSION['UserDBServer'] = "localhost"; }
@ -718,6 +759,16 @@ else if ( $content['INSTALL_STEP'] == 8 )
if ( !isset($_SESSION['UserDBPref'])) { $_SESSION['UserDBPref'] = "logcon_"; } if ( !isset($_SESSION['UserDBPref'])) { $_SESSION['UserDBPref'] = "logcon_"; }
if ( !isset($_SESSION['UserDBUser'])) { $_SESSION['UserDBUser'] = "root"; } if ( !isset($_SESSION['UserDBUser'])) { $_SESSION['UserDBUser'] = "root"; }
if ( !isset($_SESSION['UserDBPass'])) { $_SESSION['UserDBPass'] = ""; } if ( !isset($_SESSION['UserDBPass'])) { $_SESSION['UserDBPass'] = ""; }
if ( !isset($_SESSION['UserDBAuthMode'])) { $_SESSION['UserDBAuthMode'] = USERDB_AUTH_INTERNAL; }
// LDAP vars
if ( !isset($_SESSION['LDAPServer'])) { $_SESSION['LDAPServer'] = "127.0.0.1"; }
if ( !isset($_SESSION['LDAPPort'])) { $_SESSION['LDAPPort'] = "389"; }
if ( !isset($_SESSION['LDAPBaseDN'])) { $_SESSION['LDAPBaseDN'] = "CN=Users,DC=domain,DC=local"; }
if ( !isset($_SESSION['LDAPSearchFilter'])) { $_SESSION['LDAPSearchFilter'] = "(objectClass=user)"; }
if ( !isset($_SESSION['LDAPUidAttribute'])) { $_SESSION['LDAPUidAttribute'] = "sAMAccountName"; }
if ( !isset($_SESSION['LDAPBindDN'])) { $_SESSION['LDAPBindDN'] = "CN=Searchuser,CN=Users,DC=domain,DC=local"; }
if ( !isset($_SESSION['LDAPBindPassword'])) { $_SESSION['LDAPBindPassword'] = "Password"; }
// Start replacing existing sample configurations // Start replacing existing sample configurations
$patterns[] = "/\\\$CFG\['ViewMessageCharacterLimit'\] = [0-9]{1,2};/"; $patterns[] = "/\\\$CFG\['ViewMessageCharacterLimit'\] = [0-9]{1,2};/";
@ -733,6 +784,14 @@ else if ( $content['INSTALL_STEP'] == 8 )
$patterns[] = "/\\\$CFG\['UserDBUser'\] = (.*?);/"; $patterns[] = "/\\\$CFG\['UserDBUser'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['UserDBPass'\] = (.*?);/"; $patterns[] = "/\\\$CFG\['UserDBPass'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['UserDBLoginRequired'\] = (.*?);/"; $patterns[] = "/\\\$CFG\['UserDBLoginRequired'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['UserDBAuthMode'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['LDAPServer'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['LDAPPort'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['LDAPBaseDN'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['LDAPSearchFilter'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['LDAPUidAttribute'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['LDAPBindDN'\] = (.*?);/";
$patterns[] = "/\\\$CFG\['LDAPBindPassword'\] = (.*?);/";
$replacements[] = "\$CFG['ViewMessageCharacterLimit'] = " . $_SESSION['ViewMessageCharacterLimit'] . ";"; $replacements[] = "\$CFG['ViewMessageCharacterLimit'] = " . $_SESSION['ViewMessageCharacterLimit'] . ";";
$replacements[] = "\$CFG['ViewStringCharacterLimit'] = " . $_SESSION['ViewStringCharacterLimit'] . ";"; $replacements[] = "\$CFG['ViewStringCharacterLimit'] = " . $_SESSION['ViewStringCharacterLimit'] . ";";
@ -747,6 +806,14 @@ else if ( $content['INSTALL_STEP'] == 8 )
$replacements[] = "\$CFG['UserDBUser'] = '" . $_SESSION['UserDBUser'] . "';"; $replacements[] = "\$CFG['UserDBUser'] = '" . $_SESSION['UserDBUser'] . "';";
$replacements[] = "\$CFG['UserDBPass'] = '" . $_SESSION['UserDBPass'] . "';"; $replacements[] = "\$CFG['UserDBPass'] = '" . $_SESSION['UserDBPass'] . "';";
$replacements[] = "\$CFG['UserDBLoginRequired'] = " . $_SESSION['UserDBLoginRequired_value'] . ";"; $replacements[] = "\$CFG['UserDBLoginRequired'] = " . $_SESSION['UserDBLoginRequired_value'] . ";";
$replacements[] = "\$CFG['UserDBAuthMode'] = " . $_SESSION['UserDBAuthMode'] . ";";
$replacements[] = "\$CFG['LDAPServer'] = '" . $_SESSION['LDAPServer'] . "';";
$replacements[] = "\$CFG['LDAPPort'] = " . $_SESSION['LDAPPort'] . ";";
$replacements[] = "\$CFG['LDAPBaseDN'] = '" . $_SESSION['LDAPBaseDN'] . "';";
$replacements[] = "\$CFG['LDAPSearchFilter'] = '" . $_SESSION['LDAPSearchFilter'] . "';";
$replacements[] = "\$CFG['LDAPUidAttribute'] = '" . $_SESSION['LDAPUidAttribute'] . "';";
$replacements[] = "\$CFG['LDAPBindDN'] = '" . $_SESSION['LDAPBindDN'] . "';";
$replacements[] = "\$CFG['LDAPBindPassword'] = '" . $_SESSION['LDAPBindPassword'] . "';";
//User Database Options //User Database Options
if ( isset($_SESSION['UserDBEnabled']) && $_SESSION['UserDBEnabled'] ) if ( isset($_SESSION['UserDBEnabled']) && $_SESSION['UserDBEnabled'] )


@ -240,6 +240,8 @@ $content['LN_LOGIN_USERPASSMISSING'] = "Username or password not given";
$content['LN_LOGIN_LDAP_USERNOTFOUND'] = "User '%1' could not be found"; $content['LN_LOGIN_LDAP_USERNOTFOUND'] = "User '%1' could not be found";
$content['LN_LOGIN_LDAP_USERCOULDNOTLOGIN'] = "Could not login user '%1', LDAP error: %2"; $content['LN_LOGIN_LDAP_USERCOULDNOTLOGIN'] = "Could not login user '%1', LDAP error: %2";
$content['LN_LOGIN_LDAP_PASSWORDFAIL'] = "User '%1' could not login with the given password"; $content['LN_LOGIN_LDAP_PASSWORDFAIL'] = "User '%1' could not login with the given password";
$content['LN_LOGIN_LDAP_SERVERFAILED'] = "Failed to connect to LDAP Server '%1'";
$content['LN_LOGIN_LDAP_USERBINDFAILED'] = "Could not bind with the Search user DN '%1'";
// Install Site // Install Site
@ -294,6 +296,7 @@ $content['LN_INSTALL_PASSWORDREPEAT'] = "Repeat Password";
$content['LN_INSTALL_SUCCESSCREATED'] = "Successfully created User"; $content['LN_INSTALL_SUCCESSCREATED'] = "Successfully created User";
$content['LN_INSTALL_RECHECK'] = "ReCheck"; $content['LN_INSTALL_RECHECK'] = "ReCheck";
$content['LN_INSTALL_FINISH'] = "Finish!"; $content['LN_INSTALL_FINISH'] = "Finish!";
$content['LN_INSTALL_LDAPCONNECTFAILED'] = "Failed to connect to your LDAP Server '%1'.";
$content['LN_INSTALL_'] = ""; $content['LN_INSTALL_'] = "";
// Converter Site // Converter Site


@ -42,9 +42,11 @@
</td> </td>
</tr> </tr>
<!-- END USERS --> <!-- END USERS -->
<!-- IF ALLOWADDUSERS="true" -->
<tr> <tr>
<td align="center" colspan="5" class="line0"><b><a href="{BASEPATH}admin/users.php?op=add"><img src="{MENU_ADDUSER}" title="{LN_USER_ADD}">&nbsp;{LN_USER_ADD}</a></b></td> <td align="center" colspan="5" class="line0"><b><a href="{BASEPATH}admin/users.php?op=add"><img src="{MENU_ADDUSER}" title="{LN_USER_ADD}">&nbsp;{LN_USER_ADD}</a></b></td>
</tr> </tr>
<!-- ENDIF ALLOWADDUSERS="true" -->
</table> </table>
<!-- ENDIF LISTUSERS="true" --> <!-- ENDIF LISTUSERS="true" -->