From 861e112cece535840746877ec039674709da9442 Mon Sep 17 00:00:00 2001
From: Arturo Gonzalez
Date: Tue, 14 Nov 2017 12:36:32 +0100
Subject: [PATCH 1/4] Added token to pandora auth conf
---
 pandora_console/include/functions_config.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php
index 06f0d090b5..e955e8dc28 100644
--- a/pandora_console/include/functions_config.php
+++ b/pandora_console/include/functions_config.php
@@ -325,6 +325,8 @@ function config_update_config () {
 $error_update[] = __('Advanced Config AD');
 if (!config_update_value ('ldap_advanced_config', get_parameter ('ldap_advanced_config')))
 $error_update[] = __('Advanced Config LDAP');
+ if (!config_update_value ('ldap_no_create_password', get_parameter ('ldap_no_create_password')))
+ $error_update[] = __('No create password LDAP');
 if (!config_update_value ('ad_domain', get_parameter ('ad_domain')))
 $error_update[] = __('Domain');
 if (!config_update_value ('ad_adv_perms', get_parameter ('ad_adv_perms')))
From efa762626b79a763114866c5de0e6065ba5bbd71 Mon Sep 17 00:00:00 2001
From: Arturo Gonzalez
Date: Tue, 14 Nov 2017 12:47:23 +0100
Subject: [PATCH 2/4] Changed text to new token
---
 pandora_console/include/functions_config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php
index e955e8dc28..d61087bb2c 100644
--- a/pandora_console/include/functions_config.php
+++ b/pandora_console/include/functions_config.php
@@ -326,7 +326,7 @@ function config_update_config () {
 if (!config_update_value ('ldap_advanced_config', get_parameter ('ldap_advanced_config')))
 $error_update[] = __('Advanced Config LDAP');
 if (!config_update_value ('ldap_no_create_password', get_parameter ('ldap_no_create_password')))
- $error_update[] = __('No create password LDAP');
+ $error_update[] = __('Save Password');
 if (!config_update_value ('ad_domain', get_parameter ('ad_domain')))
 $error_update[] = __('Domain');
 if (!config_update_value ('ad_adv_perms', get_parameter ('ad_adv_perms')))
From 8a1ba7130f11c6dc7b5e2647854a2a602788c978 Mon Sep 17 00:00:00 2001
From: Arturo Gonzalez
Date: Tue, 14 Nov 2017 13:11:11 +0100
Subject: [PATCH 3/4] Added restriction to no pass token
---
 pandora_console/include/functions_config.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php
index d61087bb2c..bb56263a61 100644
--- a/pandora_console/include/functions_config.php
+++ b/pandora_console/include/functions_config.php
@@ -325,8 +325,6 @@ function config_update_config () {
 $error_update[] = __('Advanced Config AD');
 if (!config_update_value ('ldap_advanced_config', get_parameter ('ldap_advanced_config')))
 $error_update[] = __('Advanced Config LDAP');
- if (!config_update_value ('ldap_no_create_password', get_parameter ('ldap_no_create_password')))
- $error_update[] = __('Save Password');
 if (!config_update_value ('ad_domain', get_parameter ('ad_domain')))
 $error_update[] = __('Domain');
 if (!config_update_value ('ad_adv_perms', get_parameter ('ad_adv_perms')))
@@ -347,7 +345,15 @@ function config_update_config () {
 $error_update[] = __('Login attribute');
 if (!config_update_value ('fallback_local_auth', get_parameter ('fallback_local_auth')))
 $error_update[] = __('Fallback to local authentication');
-
+
+ if (isset($config['fallback_local_auth']) && $config['fallback_local_auth'] == 0) {
+ if (!config_update_value ('ldap_no_create_password', get_parameter ('ldap_no_create_password')))
+ $error_update[] = __('Save Password');
+ }
+ else if (isset($config['fallback_local_auth']) && $config['fallback_local_auth'] == 1) {
+ config_update_value ('ldap_no_create_password', 0);
+ }
+
 if (!config_update_value ('rpandora_server', get_parameter ('rpandora_server')))
 $error_update[] = __('MySQL host');
 if (!config_update_value ('rpandora_port', get_parameter ('rpandora_port')))
From 75cb2a668f4a87c0ba5f0dabb5ab94df43024605 Mon Sep 17 00:00:00 2001
From: Arturo Gonzalez
Date: Tue, 14 Nov 2017 16:20:26 +0100
Subject: [PATCH 4/4] Added a lot of changes to save or not user password, only ldap
---
 pandora_console/include/auth/mysql.php | 39 ++++++++++----------
 pandora_console/include/functions_config.php | 4 +-
 2 files changed, 22 insertions(+), 21 deletions(-)
diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php
index 372f9dfc58..b0dabd2f1d 100644
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
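Review bot: In the `@@ -347,7 +345,15 @@` hunk of functions_config.php (patch 3/4), the forced write `config_update_value ('ldap_no_create_password', 0);` ignores its return value, unlike every other call in this function, so a failed reset while local fallback is on never reaches `$error_update`. The two branches also test `== 0` and `== 1` behind separate `isset()` checks, so any other state of `$config['fallback_local_auth']` (unset, or an empty string, which no longer equals `0` under PHP 8 comparison rules) writes nothing at all. Testing `if (empty($config['fallback_local_auth']))` with a plain `else` that does `if (!config_update_value (...)) $error_update[] = __('Save Password');` would cover both cases. Whether `$config` already holds the value just submitted depends on `config_update_value`, which is outside the hunk. The same structure is carried into the functions_config.php hunk of patch 4/4, with the token renamed to `ldap_save_password`.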
@@ -240,26 +240,19 @@ function process_user_login_remote ($login, $pass, $api = false) { } } } - elseif (($config["auth"] === 'ldap') && - (isset($config['ldap_advanced_config']) && $config['ldap_advanced_config'])) { + elseif ($config["auth"] === 'ldap') { + if ($config['ldap_save_password']) { + $update_credentials = change_local_user_pass_ldap ($login, $pass); - $return = enterprise_hook ('prepare_permissions_groups_of_user_ldap', - array ($login, $pass, false, true, defined('METACONSOLE'))); - - if ($return === "error_permissions") { - $config["auth_error"] = - __("Problems with configuration permissions. Please contact with Administrator"); - return false; - } - else { - if ($return === "permissions_changed") { + if ($update_credentials) { $config["auth_error"] = __("Your permissions have changed. Please, login again."); return false; } } - - change_local_user_pass_ldap ($login, $pass); + else { + delete_user_pass_ldap ($login); + } } return $login; @@ -310,9 +303,7 @@ function process_user_login_remote ($login, $pass, $api = false) { return false; } } - elseif ($config["auth"] === 'ldap' && - (isset($config['ldap_advanced_config']) && - $config['ldap_advanced_config'])) { + elseif ($config["auth"] === 'ldap') { if ( defined('METACONSOLE') ) { enterprise_include_once('include/functions_metaconsole.php'); enterprise_include_once ('meta/include/functions_groups_meta.php'); @@ -717,7 +708,7 @@ function ldap_process_user_login ($login, $password) { $correct = false; if(!empty($ldap_base_dn)) { - if (strlen($password) != 0 && @ldap_bind($ds, $memberof['dn'], $password) ) { + if (strlen($password) != 0 && @ldap_bind($ds, io_safe_output($memberof['dn']), $password) ) { $correct = true; } } 
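Review bot: In the `@@ -240,26 +240,19 @@` hunk, `$config['ldap_save_password']` is read without an `isset()` guard, so on an installation where the token has never been saved the `else` branch runs and `delete_user_pass_ldap ($login)` nulls the stored hash on each LDAP login, including on setups that rely on local fallback. A guard such as `if (!isset($config['ldap_save_password']) || $config['ldap_save_password'])` would keep the earlier store-on-login behaviour until an administrator opts out; a default may be set elsewhere, which is not visible here. When the stored hash is refreshed, the login is rejected with "Your permissions have changed. Please, login again.", which reports a password sync as a permission change and forces a second login after every directory password change. The enclosing `process_user_login_remote` starts and ends outside the hunk.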
@@ -770,13 +761,23 @@ function is_user_blacklisted ($user) { function change_local_user_pass_ldap ($id_user, $password) { $local_user_pass = db_get_value_filter('password', 'tusuario', array('id_user' => $id_user)); + $return = false; if (md5($password) !== $local_user_pass) { $values_update = array(); $values_update['password'] = md5($password); - db_process_sql_update('tusuario', $values_update, array('id_user' => $id_user)); + $return = db_process_sql_update('tusuario', $values_update, array('id_user' => $id_user)); } + return $return; +} + +function delete_user_pass_ldap ($id_user) { + $values_update = array(); + $values_update['password'] = null; + + $return = db_process_sql_update('tusuario', $values_update, array('id_user' => $id_user)); + return; } diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php index bb56263a61..844acb85c5 100644 --- a/pandora_console/include/functions_config.php +++ b/pandora_console/include/functions_config.php @@ -347,11 +347,11 @@ function config_update_config () { $error_update[] = __('Fallback to local authentication'); if (isset($config['fallback_local_auth']) && $config['fallback_local_auth'] == 0) { - if (!config_update_value ('ldap_no_create_password', get_parameter ('ldap_no_create_password'))) + if (!config_update_value ('ldap_save_password', get_parameter ('ldap_save_password'))) $error_update[] = __('Save Password'); } else if (isset($config['fallback_local_auth']) && $config['fallback_local_auth'] == 1) { - config_update_value ('ldap_no_create_password', 0); + config_update_value ('ldap_save_password', 1); } if (!config_update_value ('rpandora_server', get_parameter ('rpandora_server')))
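Review bot: In the `@@ -770,13 +761,23 @@` hunk, `change_local_user_pass_ldap` caches the directory password in `tusuario` as an unsalted `md5($password)`, and with this series that write runs for LDAP logins whenever `ldap_save_password` is on. A leaked copy of that table would allow fast offline guessing of directory credentials. Storing `password_hash($password, PASSWORD_DEFAULT)` and comparing with `password_verify($password, $local_user_pass)` would address this, but the local-login comparison lives outside the hunk and must change in the same step, and the column must be wide enough for the longer hash. Separately, `delete_user_pass_ldap` assigns `$return` and then ends in a bare `return;`, so a failed update is invisible to the caller; `return $return;` would match `change_local_user_pass_ldap`.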