tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-2570-6239-ldap-grupos-secundarios' into 'develop' 

Ent 2570 6239 ldap grupos secundarios

See merge request artica/pandorafms!2110

Former-commit-id: f710fa17c372e5dde1401d5cafa47a3e4ac56711
This commit is contained in:
fermin 2019-01-14 10:53:45 +01:00
parent ad9a316a47 f0c0a86533
commit 98c0bbec9a
3 changed files with 53 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
pandora_console/include/auth/mysql.php
View File

@ -269,32 +269,8 @@ function process_user_login_remote ($login, $pass, $api = false) {
else {
delete_user_pass_ldap ($login);
}
$permissions = array();
if($config['ldap_advanced_config']){
$i = 0;
$ldap_adv_perms = json_decode(io_safe_output($config['ldap_adv_perms']), true);
foreach ($ldap_adv_perms as $ldap_adv_perm) {
$attributes = $ldap_adv_perm['groups_ldap'];
foreach ($attributes as $attr) {
$attr = explode('=', $attr, 2);
foreach ($sr[$attr[0]] as $s_attr) {
if(preg_match('/' . $attr[1] . '/', $s_attr)){
$permissions[$i]["profile"] = $ldap_adv_perm['profile'];
$permissions[$i]["groups"] = $ldap_adv_perm['group'];
$permissions[$i]["tags"] = implode(",",$ldap_adv_perm['tags']);
$i++;
}
}
}
}
} else {
$permissions[0]["profile"] = $config['default_remote_profile'];
$permissions[0]["groups"][] = $config['default_remote_group'];
$permissions[0]["tags"] = $config['default_assign_tags'];
}
$permissions = fill_permissions_ldap($sr);
if(empty($permissions)) {
$config["auth_error"] = __("User not found in database or incorrect password");
return false;
@ -388,33 +364,7 @@ function process_user_login_remote ($login, $pass, $api = false) {
}
}
$permissions = array();
if($config['ldap_advanced_config']){
$i = 0;
$ldap_adv_perms = json_decode(io_safe_output($config['ldap_adv_perms']), true);
foreach ($ldap_adv_perms as $ldap_adv_perm) {
$attributes = $ldap_adv_perm['groups_ldap'];
foreach ($attributes as $attr) {
$attr = explode('=', $attr, 2);
foreach ($sr[$attr[0]] as $s_attr) {
if(preg_match('/' . $attr[1] . '/', $s_attr)){
$permissions[$i]["profile"] = $ldap_adv_perm['profile'];
$permissions[$i]["groups"] = $ldap_adv_perm['group'];
$permissions[$i]["tags"] = implode(",",$ldap_adv_perm['tags']);
$i++;
}
}
}
}
} else {
$permissions[0]["profile"] = $config['default_remote_profile'];
$permissions[0]["groups"][] = $config['default_remote_group'];
$permissions[0]["tags"] = $config['default_assign_tags'];
}
$permissions = fill_permissions_ldap($sr);
if(empty($permissions)) {
$config["auth_error"] = __("User not found in database or incorrect password");
return false;
@ -904,10 +854,11 @@ function create_user_and_permisions_ldap ($id_user, $password, $user_info,
$id_profile = $permission["profile"];
$id_groups = $permission["groups"];
$tags = $permission["tags"];
$no_hierarchy = (bool)$permission["no_hierarchy"] ? 1 : 0;
foreach ($id_groups as $id_group) {
$profile = profile_create_user_profile(
$id_user, $id_profile, $id_group, false, $tags);
$id_user, $id_profile, $id_group, false, $tags, $no_hierarchy);
}
if ( defined("METACONSOLE") && $syncronize ) {
@ -934,7 +885,7 @@ function create_user_and_permisions_ldap ($id_user, $password, $user_info,
db_process_sql_insert ("tusuario", $values);
foreach ($id_groups as $id_group) {
$profile = profile_create_user_profile ($id_user,
$id_profile, $id_group, false, $tags);
$id_profile, $id_group, false, $tags, $no_hierarchy);
}
}
@ -1141,6 +1092,46 @@ function check_permission_ldap ($id_user, $password, $user_info,
}
}
/**
* Fill permissions array with setup values
*
* @param string sr return value from LDAP connection
*
* @return array with all permission on LDAP authentication
*/
function fill_permissions_ldap ($sr) {
global $config;
$permissions = array();
if(!$config['ldap_advanced_config']){
$permissions[0]["profile"] = $config['default_remote_profile'];
$permissions[0]["groups"][] = $config['default_remote_group'];
$permissions[0]["tags"] = $config['default_assign_tags'];
$permissions[0]["no_hierarchy"] = $config['default_no_hierarchy'];
return $permissions;
}
// Decode permissions in advanced mode
$ldap_adv_perms = json_decode(io_safe_output($config['ldap_adv_perms']), true);
foreach ($ldap_adv_perms as $ldap_adv_perm) {
$attributes = $ldap_adv_perm['groups_ldap'];
foreach ($attributes as $attr) {
$attr = explode('=', $attr, 2);
foreach ($sr[$attr[0]] as $s_attr) {
if(preg_match('/' . $attr[1] . '/', $s_attr)){
$permissions[] = array(
"profile" => $ldap_adv_perm['profile'],
"groups" => $ldap_adv_perm['group'],
"tags" => implode(",",$ldap_adv_perm['tags']),
"no_hierarchy" => (bool)$ldap_adv_perm['no_hierarchy'] ? 1 : 0
);
}
}
}
}
return $permissions;
}
/**
* Update local user pass from ldap user
*

7
pandora_console/include/functions_config.php
View File

@ -312,6 +312,8 @@ function config_update_config () {
$error_update[] = __('Autocreate profile group');
if (!config_update_value ('default_assign_tags', implode(",",get_parameter ('default_assign_tags'))))
$error_update[] = __('Autocreate profile tags');
if (!config_update_value ('default_no_hierarchy', (int)get_parameter ('default_no_hierarchy')))
$error_update[] = __('Automatically assigned no hierarchy');
if (!config_update_value ('autocreate_blacklist', get_parameter ('autocreate_blacklist')))
$error_update[] = __('Autocreate blacklist');
@ -1452,7 +1454,10 @@ function config_process_config () {
if (!isset ($config['default_assign_tags'])) {
config_update_value ( 'default_assign_tags', '');
}
if (!isset ($config['default_no_hierarchy'])) {
config_update_value ('default_no_hierarchy', 0);
}
if (!isset ($config['ldap_server'])) {
config_update_value ( 'ldap_server', 'localhost');
}

6
pandora_console/include/functions_profile.php
View File

@ -79,14 +79,10 @@ function profile_create_user_profile ($id_user,
$tags = '',
$no_hierarchy = false
) {
global $config;
if (empty ($id_profile) || $id_group < 0)
return false;
// Secondary server is an enterprise function
if (!enterprise_installed() && $no_hierarchy) return false;
return false;
// Checks if the user exists
$result_user = users_get_user_by_id($id_user);