From 7892d6bcb8bc03c451cbcea6f21e4cf2db4fa22b Mon Sep 17 00:00:00 2001 From: mdtrooper Date: Mon, 4 Jan 2016 16:46:18 +0100 Subject: [PATCH] Fixed the login of new user from ldap in metaconsole. TICKET: #3118 --- pandora_console/include/auth/mysql.php | 91 ++++++++++--------- pandora_console/include/functions_profile.php | 8 +- 2 files changed, 54 insertions(+), 45 deletions(-) diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php index 625abcf53d..240e11d4c3 100644 --- a/pandora_console/include/auth/mysql.php +++ b/pandora_console/include/auth/mysql.php @@ -172,7 +172,9 @@ function process_user_login_local ($login, $pass, $api = false) { function process_user_login_remote ($login, $pass, $api = false) { global $config, $mysql_cache; - + + + // Remote authentication switch ($config["auth"]) { // LDAP @@ -225,23 +227,29 @@ function process_user_login_remote ($login, $pass, $api = false) { // Authentication ok, check if the user exists in the local database if (is_user ($login)) { + + if (!user_can_login($login)) { return false; } - if (($config["auth"] === 'ad') && (isset($config['ad_advanced_config']) && $config['ad_advanced_config'])){ + if (($config["auth"] === 'ad') && + (isset($config['ad_advanced_config']) && $config['ad_advanced_config'])) { + + + $return = enterprise_hook ('prepare_permissions_groups_of_user_ad', array ($login, $pass, false, true)); if ($return === "error_permissions") { - $config["auth_error"] = __("Problems with configuration - permissions. Please contact with Administrator"); + $config["auth_error"] = + __("Problems with configuration permissions. Please contact with Administrator"); return false; } - else - { + else { if ($return === "permissions_changed") { - $config["auth_error"] = __("Your permissions have changed. Please, login again."); + $config["auth_error"] = + __("Your permissions have changed. Please, login again."); return false; } } 
@@ -250,6 +258,8 @@ function process_user_login_remote ($login, $pass, $api = false) { } + + // The user does not exist and can not be created if ($config['autocreate_remote_users'] == 0 || is_user_blacklisted ($login)) { $config["auth_error"] = __("Ooops User not found in @@ -260,11 +270,33 @@ function process_user_login_remote ($login, $pass, $api = false) { // Create the user in the local database if (isset($config['ad_advanced_config']) && $config['ad_advanced_config']) { - // Create the user in the local database enterprise_hook ('prepare_permissions_groups_of_user_ad', array ($login, $pass)) + + + if ( defined('METACONSOLE') ) { + enterprise_include_once('include/functions_metaconsole.php'); + enterprise_include_once ('meta/include/functions_groups_meta.php'); + + $return = groups_meta_synchronizing(); + + if ($return["group_create_err"] > 0 || $return["group_update_err"] > 0) { + $config["auth_error"] = __('Fail the group synchronizing'); + return false; + } + + $return = meta_tags_synchronizing(); + if ($return['tag_create_err'] > 0 || $return['tag_update_err'] > 0) { + $config["auth_error"] = __('Fail the tag synchronizing'); + return false; + } + } + + // Create the user if (enterprise_hook ('prepare_permissions_groups_of_user_ad', - array ($login, $pass, array ('fullname' => $login, - 'comments' => 'Imported from ' . - $config['auth']))) === false) { + array($login, + $pass, + array ('fullname' => $login, + 'comments' => 'Imported from ' . $config['auth']), + false, defined('METACONSOLE'))) === false) { $config["auth_error"] = __("User not found in database or incorrect password"); 
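Review bot: The two synchronisation checks added in the `defined('METACONSOLE')` branch fail open if `groups_meta_synchronizing()` or `meta_tags_synchronizing()` returns anything other than the expected counter array. Indexing `false` or `null` yields `null`, `null > 0` is false, and the code goes on to create the user as if the sync had succeeded. Guard the shape first, e.g. `if (!is_array($return) || $return["group_create_err"] > 0 || $return["group_update_err"] > 0) {`, and do the same for the tag counters. The results of the two `enterprise_include_once` calls are also ignored, so a missing enterprise file would presumably surface as an undefined-function fatal during authentication rather than as an `auth_error`. process_user_login_remote starts and ends outside this hunk.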
@@ -281,45 +313,16 @@ function process_user_login_remote ($login, $pass, $api = false) { $config["auth_error"] = __("User not found in database or incorrect password"); return false; } + + //TODO: Check the creation in the nodes + profile_create_user_profile ($login, $config['default_remote_profile'], $config['default_remote_group'], false, $config['default_assign_tags']); } - if ( defined('METACONSOLE') ) { - if ( (isset($config['ad_autosyn']) && $config['ad_autosyn']) && - $config["auth"] === 'ad' ) { - enterprise_include_once('include/functions_metaconsole.php'); - $servers = metaconsole_get_servers(); - $error_count = 0; - $error_servers = array(); - foreach ($servers as $server) { - if ( metaconsole_connect($server) == NOERR ) { - if (create_user ($login, $pass, - array ('fullname' => $login, - 'comments' => 'Imported from ' . $config['auth']) - ) === false) { - $config["auth_error"] = __("User not found in database or incorrect password"); - return false; - } - profile_create_user_profile ($login, $config['default_remote_profile'], - $config['default_remote_group'], false, $config['default_assign_tags']); - } - else { - $error_count++; - $error_servers[$error_count] = $server['server_name']; - } - metaconsole_restore_db(); - } - if ($error_count > 0) { - $config["auth_error"] = __("Error synching with the following servers: ") . implode(',', $error_servers); - return false; - } - } - } - return $login; } - + /** * Checks if a user is administrator. * diff --git a/pandora_console/include/functions_profile.php b/pandora_console/include/functions_profile.php index c22463bb91..877933b0d4 100644 --- a/pandora_console/include/functions_profile.php +++ b/pandora_console/include/functions_profile.php @@ -18,6 +18,10 @@ * @package Include * @subpackage Profile_Functions */ + + function profile_exist($name) { + return (bool)db_get_value('id_perfil', 'tperfil', 'name', $name); + } /** * Get profile name from id. 
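Review bot: The added `//TODO: Check the creation in the nodes` leaves the node-side outcome unverified, and the block removed further down was where the visible code reported node failures through `auth_error`. The result of `profile_create_user_profile (...)` right after the TODO is also discarded, although its docblock in functions_profile.php says it returns false on failure. An auto-created account can therefore end up without the default profile while the function still returns `$login`. Compare the call with `=== false`, set `$config["auth_error"]` and `return false;` in that case, and expand the TODO to say what must be verified and under which ticket. The enclosing function begins outside this hunk.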
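Review bot: `profile_exist()` is added without a docblock, directly under the file-level `@package`/`@subpackage` comment, so documentation tools will likely attach that header to this function instead of the file. Add a docblock in the style of the neighbouring functions, e.g. `@param string $name Profile name.` and `@return bool True if a row in tperfil has that name.`, and keep a blank line after the file header. `$name` is handed to `db_get_value` as the match value, and whether it is escaped there is not visible in this hunk. Callers that pass names taken from directory attributes or request data should confirm that it is.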
@@ -67,7 +71,9 @@ function profile_get_profiles ($filter = false) { * * @return mixed Number id if succesful, false if not */ -function profile_create_user_profile ($id_user, $id_profile = 1, $id_group = 0, $assignUser = false, $tags = '') { +function profile_create_user_profile ($id_user, + $id_profile = 1, $id_group = 0, $assignUser = false, $tags = '') { + global $config; if (empty ($id_profile) || $id_group < 0)