Add new funcionality of remote login with Active Directory

This commit is contained in:
m-lopez-f 2015-07-28 16:10:45 +02:00
parent a9c6900852
commit dfcfc85303
5 changed files with 108 additions and 29 deletions


@ -58,37 +58,43 @@ if ($profile_list === false) {
}
$table->data[3][1] = html_print_select ($profile_list, 'default_remote_profile', $config['default_remote_profile'], '', '', '', true, false, true, '', $config['autocreate_remote_users'] == 0);
$table->data[4][0] = __('Autocreate profile group');
$table->data[4][1] = html_print_select_groups ($config['id_user'], "AR", true, 'default_remote_group', $config['default_remote_group'], '', '', '', true, false, true, '', $config['autocreate_remote_users'] == 0);
$table->data[5][0] = __('Autocreate blacklist') . ui_print_help_icon ('autocreate_blacklist', true);
$table->data[5][1] = html_print_input_text ('autocreate_blacklist', $config['autocreate_blacklist'], '', 60, 100, true);
$table->data[4][1] = html_print_select_groups ($config['id_user'], "AR",
true, 'default_remote_group', $config['default_remote_group'],
'', '', '', true, false, true, '',
$config['autocreate_remote_users'] == 0);
$tags = tags_get_all_tags();
$table->data[5][0] = __('Autocreate profile tags');
$table->data[5][1] = html_print_select($tags, 'default_assign_tags[]', explode(",",$config['default_assign_tags']), '', __('Any'), '', true, true);
$table->data[6][0] = __('Autocreate blacklist') . ui_print_help_icon ('autocreate_blacklist', true);
$table->data[6][1] = html_print_input_text ('autocreate_blacklist', $config['autocreate_blacklist'], '', 60, 100, true);
for ($i = 1; $i <= 4; $i++) {
$table->rowstyle[$i] = $config['auth'] != 'mysql' ? '' : 'display: none;';
$table->rowclass[$i] = 'remote';
}
$table->data[6][0] = __('LDAP server');
$table->data[6][1] = html_print_input_text ('ldap_server', $config['ldap_server'], '', 30, 100, true);
$table->data[7][0] = __('LDAP port');
$table->data[7][1] = html_print_input_text ('ldap_port', $config['ldap_port'], '', 10, 100, true);
$table->data[8][0] = __('LDAP version');
$table->data[7][0] = __('LDAP server');
$table->data[7][1] = html_print_input_text ('ldap_server', $config['ldap_server'], '', 30, 100, true);
$table->data[8][0] = __('LDAP port');
$table->data[8][1] = html_print_input_text ('ldap_port', $config['ldap_port'], '', 10, 100, true);
$table->data[9][0] = __('LDAP version');
$ldap_versions = array (1 => 'LDAPv1', 2 => 'LDAPv2', 3 => 'LDAPv3');
$table->data[8][1] = html_print_select ($ldap_versions, 'ldap_version', $config['ldap_version'], '', '', 0, true);
$table->data[9][0] = __('Start TLS');
$table->data[9][1] = __('Yes').'&nbsp;'.html_print_radio_button ('ldap_start_tls', 1, '', $config['ldap_start_tls'], true).'&nbsp;&nbsp;';
$table->data[9][1] .= __('No').'&nbsp;'.html_print_radio_button ('ldap_start_tls', 0, '', $config['ldap_start_tls'], true);
$table->data[10][0] = __('Base DN');
$table->data[10][1] = html_print_input_text ('ldap_base_dn', $config['ldap_base_dn'], '', 60, 100, true);
$table->data[11][0] = __('Login attribute');
$table->data[11][1] = html_print_input_text ('ldap_login_attr', $config['ldap_login_attr'], '', 60, 100, true);
$table->data[9][1] = html_print_select ($ldap_versions, 'ldap_version', $config['ldap_version'], '', '', 0, true);
$table->data[10][0] = __('Start TLS');
$table->data[10][1] = __('Yes').'&nbsp;'.html_print_radio_button ('ldap_start_tls', 1, '', $config['ldap_start_tls'], true).'&nbsp;&nbsp;';
$table->data[10][1] .= __('No').'&nbsp;'.html_print_radio_button ('ldap_start_tls', 0, '', $config['ldap_start_tls'], true);
$table->data[11][0] = __('Base DN');
$table->data[11][1] = html_print_input_text ('ldap_base_dn', $config['ldap_base_dn'], '', 60, 100, true);
$table->data[12][0] = __('Login attribute');
$table->data[12][1] = html_print_input_text ('ldap_login_attr', $config['ldap_login_attr'], '', 60, 100, true);
// Hide LDAP configuration options
for ($i = 2; $i <= 11; $i++) {
for ($i = 2; $i <= 12; $i++) {
$table->rowstyle[$i] = $config['auth'] == 'ldap' ? '' : 'display: none;';
$table->rowclass[$i] = 'ldap';
}
// Set the rows autocreation for Active Directory
for ($i = 2; $i <= 5; $i++) {
for ($i = 2; $i <= 6; $i++) {
$table->rowclass[$i] .= ' ' . 'ad';
}
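Review bot: The three row loops (`for ($i = 1; $i <= 4; $i++)`, `for ($i = 2; $i <= 12; $i++)`, `for ($i = 2; $i <= 6; $i++)`) hard-code table row indices that this change had to renumber by hand after inserting the tags row, and the first loop was left at 1..4, so it is easy for the `remote`/`ldap`/`ad` rowclass bounds to drift from the actual rows; a `$row` counter incremented as each row is added, with the loops bounded by that counter, would remove the manual renumbering. Separately, `explode(",", $config['default_assign_tags'])` yields `array('')` when the stored value is the `''` default set in config.php, so the tags select is handed an empty-string "selected" entry; guarding with `$config['default_assign_tags'] === '' ? array() : explode(',', $config['default_assign_tags'])` keeps the default meaning "none selected", assuming html_print_select does not already special-case it. The enclosing script continues outside the hunk.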


@ -217,7 +217,8 @@ function process_user_login_remote ($login, $pass, $api = false) {
// Unknown authentication method
default:
$config["auth_error"] = "User not found in database or incorrect password";
$config["auth_error"] = "User not found in database
or incorrect password";
return false;
break;
}
@ -227,24 +228,55 @@ function process_user_login_remote ($login, $pass, $api = false) {
if (!user_can_login($login)) {
return false;
}
if ($config["auth"] == 'ad'){
$return = enterprise_hook ('prepare_permissions_groups_of_user_ad',
array ($login, $pass, false, true));
if (!$return) {
$config["auth_error"] = __("Problems with configuration
permissions. Please contact with Administrator");
return false;
}
}
return $login;
}
// The user does not exist and can not be created
if ($config['autocreate_remote_users'] == 0 || is_user_blacklisted ($login)) {
$config["auth_error"] = "Ooops User not found in database or incorrect password";
$config["auth_error"] = __("Ooops User not found in
database or incorrect password");
return false;
}
// Create the user in the local database
if (create_user ($login, $pass, array ('fullname' => $login, 'comments' => 'Imported from ' . $config['auth'])) === false) {
$config["auth_error"] = "User not found in database or incorrect password";
return false;
if (isset($config['ad_advanced_config']) && $config['ad_advanced_config']) {
// Create the user in the local database enterprise_hook ('prepare_permissions_groups_of_user_ad', array ($login, $pass))
if (enterprise_hook ('prepare_permissions_groups_of_user_ad',
array ($login, $pass, array ('fullname' => $login,
'comments' => 'Imported from ' .
$config['auth']))) === false) {
$config["auth_error"] = __("User not found in database
or incorrect password");
return false;
}
}
else{
// Create the user in the local database
if (create_user ($login, $pass,
array ('fullname' => $login,
'comments' => 'Imported from ' . $config['auth'])
) === false) {
$config["auth_error"] = __("User not found in database or incorrect password");
return false;
}
profile_create_user_profile ($login,
$config['default_remote_profile'],
$config['default_remote_group']);
}
profile_create_user_profile ($login, $config['default_remote_profile'], $config['default_remote_group']);
return $login;
}
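Review bot: Each error message that was wrapped across physical lines (the `"User not found in database` literal in the `default:` case and the three `__("...")` calls in the second hunk) now carries a newline plus the following indentation inside the string, so the message text itself changes and the `__()` lookup key no longer matches the single-line catalogue entry; keep each literal on one line, e.g. `$config["auth_error"] = __("User not found in database or incorrect password");`. In the `ad_advanced_config` branch only an `=== false` result from `enterprise_hook('prepare_permissions_groups_of_user_ad', ...)` counts as failure and the function then returns `$login` without ever calling `create_user` or `profile_create_user_profile`; if `enterprise_hook` returns a non-false sentinel when the enterprise function is unavailable, an account that was never provisioned would be reported as a successful login, so that sentinel should be checked explicitly too. The `!$return` check in the existing-user path above has the mirror issue with a truthy sentinel. process_user_login_remote begins before the first hunk.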


@ -52,6 +52,15 @@ function config_update_value ($token, $value) {
io_safe_output($value));
}
if ($token == 'ad_adv_perms') {
$value = str_replace(array("\r\n", "\r", "\n"), ";",
io_safe_output($value));
}
if ($token == 'default_assign_tags') {
$value = ($value);
}
if (!isset ($config[$token])) {
$config[$token] = $value;
return (bool) config_create_value ($token, io_safe_input($value));
@ -273,6 +282,8 @@ function config_update_config () {
$error_update[] = __('Autocreate profile');
if (!config_update_value ('default_remote_group', get_parameter ('default_remote_group')))
$error_update[] = __('Autocreate profile group');
if (!config_update_value ('default_assign_tags', implode(",",get_parameter ('default_assign_tags'))))
$error_update[] = __('Autocreate profile tags');
if (!config_update_value ('autocreate_blacklist', get_parameter ('autocreate_blacklist')))
$error_update[] = __('Autocreate blacklist');
@ -282,8 +293,12 @@ function config_update_config () {
$error_update[] = __('Active directory port');
if (!config_update_value ('ad_start_tls', get_parameter ('ad_start_tls')))
$error_update[] = __('Start TLS');
if (!config_update_value ('ad_advanced_config', get_parameter ('ad_advanced_config')))
$error_update[] = __('Advance Config AD');
if (!config_update_value ('ad_domain', get_parameter ('ad_domain')))
$error_update[] = __('Domain');
if (!config_update_value ('ad_adv_perms', get_parameter ('ad_adv_perms')))
$error_update[] = __('Advanced Permisions AD');
if (!config_update_value ('ldap_server', get_parameter ('ldap_server')))
$error_update[] = __('LDAP server');
@ -1042,6 +1057,10 @@ function config_process_config () {
config_update_value ('default_remote_group', 0);
}
if (!isset ($config['default_assign_tags'])) {
config_update_value ( 'default_assign_tags', '');
}
if (!isset ($config['ldap_server'])) {
config_update_value ( 'ldap_server', 'localhost');
}
@ -1083,10 +1102,22 @@ function config_process_config () {
config_update_value ( 'ad_start_tls', 0);
}
if (!isset ($config['ad_advanced_config'])) {
config_update_value ( 'ad_advanced_config', 0);
}
if (!isset ($config['ad_domain'])) {
config_update_value ( 'ad_domain', '');
}
$temp_ad_adv_perms = array();
if (isset($config['ad_adv_perms'])) {
if (!empty($config['ad_adv_perms'])) {
$temp_ad_adv_perms = explode(';', io_safe_output($config['ad_adv_perms']));
}
}
$config['ad_adv_perms'] = $temp_ad_adv_perms;
if (!isset ($config['rpandora_server'])) {
config_update_value ( 'rpandora_server', 'localhost');
}
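Review bot: `implode(",", get_parameter ('default_assign_tags'))` at the `default_assign_tags` update assumes the parameter arrives as an array, but when no tag is selected a `default_assign_tags[]` field is not submitted at all and `get_parameter` then presumably returns a scalar default, on which `implode` fails; normalise first: `$tags = get_parameter ('default_assign_tags'); $tags = is_array($tags) ? implode(',', $tags) : '';` and pass `$tags` to `config_update_value`. The new `if ($token == 'default_assign_tags') { $value = ($value); }` block in config_update_value is a no-op and should either be dropped or replaced with whatever normalisation was intended. In config_process_config `$config['ad_adv_perms']` is overwritten unconditionally with the exploded array, so any later reader expecting the stored `;`-joined string receives an array instead; keeping the parsed form under a separate key would avoid that ambiguity. All three functions start before their respective hunks.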


@ -31,9 +31,6 @@ function users_is_strict_acl($id_user = null) {
$strict_acl = (bool)db_get_value('strict_acl', 'tusuario',
'id_user', $id_user);
//html_debug_print($strict_acl, true);
//html_debug_print($id_user, true);
return $strict_acl;
}


@ -0,0 +1,13 @@
<?php
/**
* @package Include/help/en
*/
?>
<h1>Advance Permission </h1>
<br><br>
<table width="750px" style="display:inline">
<tr>
<td class=""> If you add a new permission, you was added of next form: Name of Profile,Name of Group,[Name of Group AD n1,Name of Group AD n2,Name of Group AD n3,...]</td>
</table>