From dfcfc85303680bf75762d1c859a01d57cb545363 Mon Sep 17 00:00:00 2001 From: m-lopez-f Date: Tue, 28 Jul 2015 16:10:45 +0200 Subject: [PATCH] Add new funcionality of remote login with Active Directory --- pandora_console/godmode/setup/setup_auth.php | 42 +++++++++------- pandora_console/include/auth/mysql.php | 48 +++++++++++++++---- pandora_console/include/functions_config.php | 31 ++++++++++++ pandora_console/include/functions_users.php | 3 -- .../help/en/help_ad_advanced_permision.php | 13 +++++ 5 files changed, 108 insertions(+), 29 deletions(-) create mode 100644 pandora_console/include/help/en/help_ad_advanced_permision.php diff --git a/pandora_console/godmode/setup/setup_auth.php b/pandora_console/godmode/setup/setup_auth.php index 978154807e..4e7ed415a6 100644 --- a/pandora_console/godmode/setup/setup_auth.php +++ b/pandora_console/godmode/setup/setup_auth.php 
@@ -58,37 +58,43 @@ if ($profile_list === false) { } $table->data[3][1] = html_print_select ($profile_list, 'default_remote_profile', $config['default_remote_profile'], '', '', '', true, false, true, '', $config['autocreate_remote_users'] == 0); $table->data[4][0] = __('Autocreate profile group'); -$table->data[4][1] = html_print_select_groups ($config['id_user'], "AR", true, 'default_remote_group', $config['default_remote_group'], '', '', '', true, false, true, '', $config['autocreate_remote_users'] == 0); -$table->data[5][0] = __('Autocreate blacklist') . ui_print_help_icon ('autocreate_blacklist', true); -$table->data[5][1] = html_print_input_text ('autocreate_blacklist', $config['autocreate_blacklist'], '', 60, 100, true); +$table->data[4][1] = html_print_select_groups ($config['id_user'], "AR", + true, 'default_remote_group', $config['default_remote_group'], + '', '', '', true, false, true, '', + $config['autocreate_remote_users'] == 0); +$tags = tags_get_all_tags(); +$table->data[5][0] = __('Autocreate profile tags'); +$table->data[5][1] = html_print_select($tags, 'default_assign_tags[]', explode(",",$config['default_assign_tags']), '', __('Any'), '', true, true); +$table->data[6][0] = __('Autocreate blacklist') . ui_print_help_icon ('autocreate_blacklist', true); +$table->data[6][1] = html_print_input_text ('autocreate_blacklist', $config['autocreate_blacklist'], '', 60, 100, true); for ($i = 1; $i <= 4; $i++) { $table->rowstyle[$i] = $config['auth'] != 'mysql' ? 
'' : 'display: none;'; $table->rowclass[$i] = 'remote'; } -$table->data[6][0] = __('LDAP server'); -$table->data[6][1] = html_print_input_text ('ldap_server', $config['ldap_server'], '', 30, 100, true); -$table->data[7][0] = __('LDAP port'); -$table->data[7][1] = html_print_input_text ('ldap_port', $config['ldap_port'], '', 10, 100, true); -$table->data[8][0] = __('LDAP version'); +$table->data[7][0] = __('LDAP server'); +$table->data[7][1] = html_print_input_text ('ldap_server', $config['ldap_server'], '', 30, 100, true); +$table->data[8][0] = __('LDAP port'); +$table->data[8][1] = html_print_input_text ('ldap_port', $config['ldap_port'], '', 10, 100, true); +$table->data[9][0] = __('LDAP version'); $ldap_versions = array (1 => 'LDAPv1', 2 => 'LDAPv2', 3 => 'LDAPv3'); -$table->data[8][1] = html_print_select ($ldap_versions, 'ldap_version', $config['ldap_version'], '', '', 0, true); -$table->data[9][0] = __('Start TLS'); -$table->data[9][1] = __('Yes').' '.html_print_radio_button ('ldap_start_tls', 1, '', $config['ldap_start_tls'], true).'  '; -$table->data[9][1] .= __('No').' '.html_print_radio_button ('ldap_start_tls', 0, '', $config['ldap_start_tls'], true); -$table->data[10][0] = __('Base DN'); -$table->data[10][1] = html_print_input_text ('ldap_base_dn', $config['ldap_base_dn'], '', 60, 100, true); -$table->data[11][0] = __('Login attribute'); -$table->data[11][1] = html_print_input_text ('ldap_login_attr', $config['ldap_login_attr'], '', 60, 100, true); +$table->data[9][1] = html_print_select ($ldap_versions, 'ldap_version', $config['ldap_version'], '', '', 0, true); +$table->data[10][0] = __('Start TLS'); +$table->data[10][1] = __('Yes').' '.html_print_radio_button ('ldap_start_tls', 1, '', $config['ldap_start_tls'], true).'  '; +$table->data[10][1] .= __('No').' 
'.html_print_radio_button ('ldap_start_tls', 0, '', $config['ldap_start_tls'], true); +$table->data[11][0] = __('Base DN'); +$table->data[11][1] = html_print_input_text ('ldap_base_dn', $config['ldap_base_dn'], '', 60, 100, true); +$table->data[12][0] = __('Login attribute'); +$table->data[12][1] = html_print_input_text ('ldap_login_attr', $config['ldap_login_attr'], '', 60, 100, true); // Hide LDAP configuration options -for ($i = 2; $i <= 11; $i++) { +for ($i = 2; $i <= 12; $i++) { $table->rowstyle[$i] = $config['auth'] == 'ldap' ? '' : 'display: none;'; $table->rowclass[$i] = 'ldap'; } // Set the rows autocreation for Active Directory -for ($i = 2; $i <= 5; $i++) { +for ($i = 2; $i <= 6; $i++) { $table->rowclass[$i] .= ' ' . 'ad'; } diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php index acd6bfbd43..c2ec8525fa 100644 --- a/pandora_console/include/auth/mysql.php +++ b/pandora_console/include/auth/mysql.php @@ -217,7 +217,8 @@ function process_user_login_remote ($login, $pass, $api = false) { // Unknown authentication method default: - $config["auth_error"] = "User not found in database or incorrect password"; + $config["auth_error"] = "User not found in database + or incorrect password"; return false; break; } 
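Review bot: Inserting the tag row forces every LDAP row index below it to be renumbered by hand (`$table->data[6]` through `$table->data[12]` plus both loop bounds), which is exactly how this form's `rowstyle`/`rowclass` hide loops drift out of sync on the next insertion. A running counter (`$table->data[$row][0] = ...; $row++;`) with the hide loops driven by recorded first/last indices would make the next added row a local change. Separately, `explode(",", $config['default_assign_tags'])` yields `array('')` when the stored value is the empty default set in functions_config.php, so the select's selected set carries a bogus empty id; `array_filter(explode(",", $config['default_assign_tags']))` avoids that. The form-building code continues outside the hunk.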
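Review bot: The reflowed literal `"User not found in database` / `or incorrect password"` now embeds a newline plus the following line's indentation in the value assigned to `$config["auth_error"]`, so the message shown to the user (and anything logging it) changes. Keep it on one line or concatenate two pieces: `$config["auth_error"] = "User not found in database " . "or incorrect password";`. The same reflow inside a string appears three times in the next mysql.php hunk, where it is wrapped in `__()` and the embedded whitespace also makes the lookup key differ from the message a translation catalog would contain. process_user_login_remote continues outside the hunk.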
@@ -227,24 +228,55 @@ function process_user_login_remote ($login, $pass, $api = false) {
 if (!user_can_login($login)) {
 return false;
 }
-
+ if ($config["auth"] == 'ad'){
+ $return = enterprise_hook ('prepare_permissions_groups_of_user_ad',
+ array ($login, $pass, false, true));
+
+ if (!$return) {
+ $config["auth_error"] = __("Problems with configuration
+ permissions. Please contact with Administrator");
+ return false;
+ }
+ }
 return $login;
 }
+ // The user does not exist and can not be created
 if ($config['autocreate_remote_users'] == 0 || is_user_blacklisted ($login)) {
- $config["auth_error"] = "Ooops User not found in database or incorrect password";
+ $config["auth_error"] = __("Ooops User not found in
+ database or incorrect password");
 return false;
 }
- // Create the user in the local database
- if (create_user ($login, $pass, array ('fullname' => $login, 'comments' => 'Imported from ' . $config['auth'])) === false) {
- $config["auth_error"] = "User not found in database or incorrect password";
- return false;
+ if (isset($config['ad_advanced_config']) && $config['ad_advanced_config']) {
+ // Create the user in the local database enterprise_hook ('prepare_permissions_groups_of_user_ad', array ($login, $pass))
+ if (enterprise_hook ('prepare_permissions_groups_of_user_ad',
+ array ($login, $pass, array ('fullname' => $login,
+ 'comments' => 'Imported from ' . $config['auth']))) === false) {
+
+ $config["auth_error"] = __("User not found in database
+ or incorrect password");
+
+ return false;
+ }
+ }
+ else{
+ // Create the user in the local database
+ if (create_user ($login, $pass,
+ array ('fullname' => $login,
+ 'comments' => 'Imported from ' . $config['auth'])
+ ) === false) {
+ $config["auth_error"] = __("User not found in database or incorrect password");
+ return false;
+ }
+ profile_create_user_profile ($login,
+ $config['default_remote_profile'],
+ $config['default_remote_group']);
 }
- profile_create_user_profile ($login, $config['default_remote_profile'], $config['default_remote_group']);
 return $login;
 }
diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php
index c4419d7ef2..1432bc2a55 100644
--- a/pandora_console/include/functions_config.php
+++ b/pandora_console/include/functions_config.php
@@ -52,6 +52,15 @@ function config_update_value ($token, $value) {
 io_safe_output($value));
 }
+ if ($token == 'ad_adv_perms') {
+ $value = str_replace(array("\r\n", "\r", "\n"), ";",
+ io_safe_output($value));
+ }
+
+ if ($token == 'default_assign_tags') {
+ $value = ($value);
+ }
+
 if (!isset ($config[$token])) {
 $config[$token] = $value;
 return (bool) config_create_value ($token, io_safe_input($value));
@@ -273,6 +282,8 @@ function config_update_config () {
 $error_update[] = __('Autocreate profile');
 if (!config_update_value ('default_remote_group', get_parameter ('default_remote_group')))
 $error_update[] = __('Autocreate profile group');
+ if (!config_update_value ('default_assign_tags', implode(",",get_parameter ('default_assign_tags'))))
+ $error_update[] = __('Autocreate profile tags');
 if (!config_update_value ('autocreate_blacklist', get_parameter ('autocreate_blacklist')))
 $error_update[] = __('Autocreate blacklist');
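Review bot: The `ad_advanced_config` branch of the autocreate path is taken without checking `$config['auth']`, while the existing-user path just above guards the same hook with `$config["auth"] == 'ad'`; with the flag on and `auth` set to `ldap`, an unknown LDAP-authenticated user is created through the AD permission hook. Guard it the same way: `if ($config['auth'] == 'ad' && !empty($config['ad_advanced_config'])) {`. Both call sites also treat only an exact `false` (or a falsy `$return`) as failure; if `enterprise_hook` signals an absent enterprise function with a different sentinel rather than `false` (I believe it does, please confirm), an install without the enterprise module but with the flag set would return `$login` without any local user or profile having been created, so that sentinel needs the same handling. The advanced branch never calls `profile_create_user_profile` while the else branch does; if the hook is expected to assign profiles, a comment stating that would stop the next reader from adding a second assignment. The function's head lies outside the hunk.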
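Review bot: `$value = ($value);` in the new `default_assign_tags` branch is a no-op assignment, so the branch either does nothing or is missing the normalization it was meant to do; drop it rather than leave a reader guessing. For `ad_adv_perms`, which is an authorization mapping (profile, group, AD groups per the new help file), the only processing is folding line breaks into `;`, so a line that does not have the documented field layout, or a `;` typed inside a field, is stored as-is and later split by `explode(';', ...)` in config_process_config into a mapping that is not what the administrator wrote. Validating each folded record here and returning `false` on a malformed one would surface the mistake through the caller's existing `$error_update` path. config_update_value's head is outside the hunk.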
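Review bot: `implode(",", get_parameter ('default_assign_tags'))` assumes the multi-select always posts an array; when no tag is chosen the parameter is absent and `get_parameter` returns its default (an empty string, as far as I recall), so `implode` receives a string — a warning with `null` on PHP 7, a `TypeError` on PHP 8 — and the setting cannot be cleared. Cast before joining, `implode(",", (array) get_parameter ('default_assign_tags'))`, and since the values are tag ids, `array_map('intval', ...)` first keeps arbitrary strings out of a value that setup_auth.php later feeds to `explode`. config_update_config continues outside the hunk.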
@@ -282,8 +293,12 @@ function config_update_config () {
 $error_update[] = __('Active directory port');
 if (!config_update_value ('ad_start_tls', get_parameter ('ad_start_tls')))
 $error_update[] = __('Start TLS');
+ if (!config_update_value ('ad_advanced_config', get_parameter ('ad_advanced_config')))
+ $error_update[] = __('Advance Config AD');
 if (!config_update_value ('ad_domain', get_parameter ('ad_domain')))
 $error_update[] = __('Domain');
+ if (!config_update_value ('ad_adv_perms', get_parameter ('ad_adv_perms')))
+ $error_update[] = __('Advanced Permisions AD');
 if (!config_update_value ('ldap_server', get_parameter ('ldap_server')))
 $error_update[] = __('LDAP server');
@@ -1042,6 +1057,10 @@ function config_process_config () {
 config_update_value ('default_remote_group', 0);
 }
+ if (!isset ($config['default_assign_tags'])) {
+ config_update_value ( 'default_assign_tags', '');
+ }
+
 if (!isset ($config['ldap_server'])) {
 config_update_value ( 'ldap_server', 'localhost');
 }
@@ -1083,10 +1102,22 @@ function config_process_config () {
 config_update_value ( 'ad_start_tls', 0);
 }
+ if (!isset ($config['ad_advanced_config'])) {
+ config_update_value ( 'ad_advanced_config', 0);
+ }
+
 if (!isset ($config['ad_domain'])) {
 config_update_value ( 'ad_domain', '');
 }
+ $temp_ad_adv_perms = array();
+ if (isset($config['ad_adv_perms'])) {
+ if (!empty($config['ad_adv_perms'])) {
+ $temp_ad_adv_perms = explode(';', io_safe_output($config['ad_adv_perms']));
+ }
+ }
+ $config['ad_adv_perms'] = $temp_ad_adv_perms;
+
 if (!isset ($config['rpandora_server'])) {
 config_update_value ( 'rpandora_server', 'localhost');
 }
diff --git a/pandora_console/include/functions_users.php b/pandora_console/include/functions_users.php
index d741c42280..8a5f4ca61f 100755
--- a/pandora_console/include/functions_users.php
+++ b/pandora_console/include/functions_users.php
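Review bot: `$config['ad_adv_perms']` is replaced in memory by an array on every request, but unlike `ad_advanced_config` just above it no stored default is created for it; because the key is then always set, `config_update_value('ad_adv_perms', ...)` in config_update_config takes its update path instead of `config_create_value` on the first save, and whether that first update succeeds depends on code outside this diff, so please confirm. Adding the sibling-style block `if (!isset ($config['ad_adv_perms'])) { config_update_value ( 'ad_adv_perms', ''); }` before the explode removes the doubt. The nested `isset`/`!empty` can also collapse to `if (!empty($config['ad_adv_perms']))`, since `empty` already covers an unset key. config_process_config continues outside the hunk.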
@@ -31,9 +31,6 @@ function users_is_strict_acl($id_user = null) {
 $strict_acl = (bool)db_get_value('strict_acl', 'tusuario', 'id_user', $id_user);
- //html_debug_print($strict_acl, true);
- //html_debug_print($id_user, true);
-
 return $strict_acl;
 }
diff --git a/pandora_console/include/help/en/help_ad_advanced_permision.php b/pandora_console/include/help/en/help_ad_advanced_permision.php
new file mode 100644
index 0000000000..697e666cc6
--- /dev/null
+++ b/pandora_console/include/help/en/help_ad_advanced_permision.php
@@ -0,0 +1,13 @@
+
+

Advance Permission

+ +

+ + + + +
If you add a new permission, you was added of next form: Name of Profile,Name of Group,[Name of Group AD n1,Name of Group AD n2,Name of Group AD n3,...]