2010-08-10 Ramon Novoa <rnovoa@artica.es>

* operation/events/export_csv.php,
          operation/agentes/stat_win.php,
          operation/reporting/reporting_xml.php: Fixed includes.

        * godmode/setup/setup_auth.php,
          include/functions_config.php,
          include/auth/mysql.php: Added support for a remote user blacklist.

        * include/help/en/help_autocreate_blacklist.php,
          include/help/es/help_autocreate_blacklist.php: Added to repository.
          Blacklist help files.




git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3120 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f

pandora_console/ChangeLog

@@ -1,3 +1,17 @@
+2010-08-10  Ramon Novoa  <rnovoa@artica.es>
+
+	* operation/events/export_csv.php,
+	  operation/agentes/stat_win.php,
+	  operation/reporting/reporting_xml.php: Fixed includes.
+
+	* godmode/setup/setup_auth.php,
+	  include/functions_config.php,
+	  include/auth/mysql.php: Added support for a remote user blacklist.
+
+	* include/help/en/help_autocreate_blacklist.php,
+	  include/help/es/help_autocreate_blacklist.php: Added to repository.
+	  Blacklist help files.
+
 2010-08-10  Sergio Martin <sergio.martin@artica.es>
 
 	* operation/agentes/networkmap.php: Fixed several notices. When 

pandora_console/godmode/setup/setup_auth.php

@@ -51,34 +51,36 @@ if ($profile_list === false) {
 $table->data[2][1] = print_select ($profile_list, 'default_remote_profile', $config['default_remote_profile'], '', '', '', true, false, true, '', $config['autocreate_remote_users'] == 0);
 $table->data[3][0] = __('Autocreate profile group');
 $table->data[3][1] = print_select_groups ($config['id_user'], "AR", true, 'default_remote_group', $config['default_remote_group'], '', '', '', true, false, true, '', $config['autocreate_remote_users'] == 0);
-for ($i = 1; $i <= 3; $i++) {
+$table->data[4][0] = __('Autocreate blacklist') . print_help_icon ('autocreate_blacklist', true);
+$table->data[4][1] = print_input_text ('autocreate_blacklist', $config['autocreate_blacklist'], '', 60, 100, true);
+for ($i = 1; $i <= 4; $i++) {
 	$table->rowstyle[$i] = $config['auth'] != 'mysql' ? '' : 'display: none;';
 	$table->rowclass[$i] = 'remote';
 }
 
-$table->data[4][0] = __('LDAP server');
-$table->data[4][1] = print_input_text ('ldap_server', $config['ldap_server'], '', 30, 100, true);
-$table->data[5][0] = __('LDAP port');
-$table->data[5][1] = print_input_text ('ldap_port', $config['ldap_port'], '', 10, 100, true);
-$table->data[6][0] = __('LDAP version');
+$table->data[5][0] = __('LDAP server');
+$table->data[5][1] = print_input_text ('ldap_server', $config['ldap_server'], '', 30, 100, true);
+$table->data[6][0] = __('LDAP port');
+$table->data[6][1] = print_input_text ('ldap_port', $config['ldap_port'], '', 10, 100, true);
+$table->data[7][0] = __('LDAP version');
 $ldap_versions = array (1 => 'LDAPv1', 2 => 'LDAPv2', 3 => 'LDAPv3');
-$table->data[6][1] = print_select ($ldap_versions, 'ldap_version', $config['ldap_version'], '', '', 0, true);
-$table->data[7][0] = __('Start TLS');
-$table->data[7][1] = __('Yes').'&nbsp;'.print_radio_button ('ldap_start_tls', 1, '', $config['ldap_start_tls'], true).'&nbsp;&nbsp;';
-$table->data[7][1] .= __('No').'&nbsp;'.print_radio_button ('ldap_start_tls', 0, '', $config['ldap_start_tls'], true);
-$table->data[8][0] = __('Base DN');
-$table->data[8][1] = print_input_text ('ldap_base_dn', $config['ldap_base_dn'], '', 60, 100, true);
-$table->data[9][0] = __('Login attribute');
-$table->data[9][1] = print_input_text ('ldap_login_attr', $config['ldap_login_attr'], '', 60, 100, true);
+$table->data[7][1] = print_select ($ldap_versions, 'ldap_version', $config['ldap_version'], '', '', 0, true);
+$table->data[8][0] = __('Start TLS');
+$table->data[8][1] = __('Yes').'&nbsp;'.print_radio_button ('ldap_start_tls', 1, '', $config['ldap_start_tls'], true).'&nbsp;&nbsp;';
+$table->data[8][1] .= __('No').'&nbsp;'.print_radio_button ('ldap_start_tls', 0, '', $config['ldap_start_tls'], true);
+$table->data[9][0] = __('Base DN');
+$table->data[9][1] = print_input_text ('ldap_base_dn', $config['ldap_base_dn'], '', 60, 100, true);
+$table->data[10][0] = __('Login attribute');
+$table->data[10][1] = print_input_text ('ldap_login_attr', $config['ldap_login_attr'], '', 60, 100, true);
 
 // Hide LDAP configuration options
-for ($i = 4; $i <= 9; $i++) {
+for ($i = 5; $i <= 10; $i++) {
 	$table->rowstyle[$i] = $config['auth'] == 'ldap' ? '' : 'display: none;';
 	$table->rowclass[$i] = 'ldap';
 }
 
 // Add enterprise authentication options
-enterprise_hook ('add_enterprise_auth_options', array (&$table, 10));
+enterprise_hook ('add_enterprise_auth_options', array (&$table, 11));
 
 echo '<form id="form_setup" method="post">';
 print_input_hidden ('update_config', 1);
@@ -113,9 +115,11 @@ echo '</form>';
 		if (remote_auto == 0) {
 			$("#default_remote_profile").attr("disabled", true);
 			$("#default_remote_group").attr("disabled", true);
+			$("#autocreate_blacklist").attr("disabled", true);
 		} else {
 			$("#default_remote_profile").attr("disabled", false);
 			$("#default_remote_group").attr("disabled", false);
+			$("#autocreate_blacklist").attr("disabled", false);
 		}
 	}
 </script>

pandora_console/include/auth/mysql.php

@@ -153,8 +153,8 @@ function process_user_login ($login, $pass) {
 		}
 
 		// The user does not exist and can not be created
-		if ($config['autocreate_remote_users'] == 0) {
-			$config["auth_error"] = "User not found in database or incorrect password";
+		if ($config['autocreate_remote_users'] == 0 || is_user_blacklisted ($login)) {
+			$config["auth_error"] = "Ooops User not found in database or incorrect password";
 			return false;
 		}
 
@@ -422,6 +422,26 @@ function ldap_process_user_login ($login, $password) {
 	return true;
 }
 
+/**
+ * Checks if a user is in the autocreate blacklist.
+ *
+ * @param string User
+ *
+ * @return bool True if the user is in the blacklist, false otherwise.
+ */
+function is_user_blacklisted ($user) {
+	global $config;
+	
+	$blisted_users = explode (',', $config['autocreate_blacklist']);
+	foreach ($blisted_users as $blisted_user) {
+		if ($user == $blisted_user) {
+			return true;
+		}
+	}
+	
+	return false;
+}
+
 //Reference the global use authorization error to last auth error.
 $config["auth_error"] = &$mysql_cache["auth_error"];
 ?>

pandora_console/include/functions_config.php

@@ -182,6 +182,7 @@ function update_config () {
 	update_config_value ('gis_purge', get_parameter ('gis_purge', $config['gis_purge']));
 	update_config_value ('auth', get_parameter ('auth', $config['auth']));
 	update_config_value ('autocreate_remote_users', get_parameter ('autocreate_remote_users', $config['autocreate_remote_users']));
+	update_config_value ('autocreate_blacklist', get_parameter ('autocreate_blacklist', $config['autocreate_blacklist']));
 	update_config_value ('default_remote_profile', get_parameter ('default_remote_profile', $config['default_remote_profile']));
 	update_config_value ('default_remote_group', get_parameter ('default_remote_group', $config['default_remote_group']));
 
@@ -443,6 +444,10 @@ function process_config () {
 		update_config_value ('autocreate_remote_users', 0);
 	}
 
+	if (!isset ($config['autocreate_blacklist'])) {
+		update_config_value ('autocreate_blacklist', '');
+	}
+
 	if (!isset ($config['default_remote_profile'])) {
 		update_config_value ('default_remote_profile', 0);
 	}

pandora_console/include/help/en/help_autocreate_blacklist.php

@@ -0,0 +1,8 @@
+<?php
+/**
+ * @package Include/help/en
+ */
+?>
+<h1>Autocreate blacklist</h1>
+
+A comma separated list of user names that will not be autocreated.

pandora_console/include/help/es/help_autocreate_blacklist.php

@@ -0,0 +1,8 @@
+<?php
+/**
+ * @package Include/help/en
+ */
+?>
+<h1>Autocreate blacklist</h1>
+
+Una lista separada por comas de usuarios que no se crearán de forma automática.

pandora_console/operation/agentes/stat_win.php

@@ -17,12 +17,8 @@
 
 // Global & session management
 require_once ('../../include/config.php');
-if (!isset ($config["auth"])) {
-	require_once ($config["homedir"]."/include/auth/mysql.php");
-} else {
-	require_once ($config["homedir"]."/include/auth/".$config["auth"]["scheme"].".php");
-}
-	
+require_once ('../../include/auth/mysql.php');
+
 if (! isset($_SESSION["id_user"])) {
 	session_start();
 	session_write_close();

pandora_console/operation/events/export_csv.php

@@ -16,11 +16,7 @@
 session_start();
 
 require_once ("../../include/config.php");
-if (!isset ($config["auth"])) {
-	require_once ("../../include/auth/mysql.php");
-} else {
-	require_once ("../../include/auth/".$config["auth"]["scheme"].".php");
-}
+require_once ("../../include/auth/mysql.php");
 require_once ("../../include/functions.php");
 require_once ("../../include/functions_db.php");
 require_once ("../../include/functions_events.php");

pandora_console/operation/reporting/reporting_xml.php

@@ -70,12 +70,7 @@ if (isset ($_GET["direct"])) {
 	*/
 	require_once ("../../include/config.php");
 	require_once ("../../include/functions_reporting.php");
-	
-	if (!isset ($config["auth"])) {
-		require_once ("include/auth/mysql.php");
-	} else {
-		require_once ("include/auth/".$config["auth"]["scheme"].".php");
-	}
+	require_once ("../../include/auth/mysql.php");
 	
 	$nick = get_parameter ("nick");
 	$pass = get_parameter ("pass");
@@ -100,12 +95,7 @@ if (isset ($_GET["direct"])) {
 } else {
 	require_once ("include/config.php");
 	require_once ("include/functions_reporting.php");
-	
-	if (!isset ($config["auth"])) {
-		require_once ("include/auth/mysql.php");
-	} else {
-		require_once ("include/auth/".$config["auth"]["scheme"].".php");
-	}	
+	require_once ("include/auth/mysql.php");	
 }
 
 check_login ();