Merge pull request #68 from LDAPAccountManager/decrypt_login

Decrypt login
gruberroland 2019-08-06 21:48:47 +02:00 committed by GitHub
commit 02d100b5f0
18 changed files with 104 additions and 136 deletions


@ -955,14 +955,12 @@ function deleteDN($dn, $recursive) {
} }
// delete parent DN // delete parent DN
$success = @ldap_delete($_SESSION['ldap']->server(), $dn); $success = @ldap_delete($_SESSION['ldap']->server(), $dn);
$ldapUser = $_SESSION['ldap']->decrypt_login();
$ldapUser = $ldapUser[0];
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete DN: ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); logNewMessage(LOG_ERR, 'Unable to delete DN: ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
$errors[] = array ('ERROR', sprintf(_('Was unable to delete DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $errors[] = array ('ERROR', sprintf(_('Was unable to delete DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
} }
else { else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Deleted DN: ' . $dn); logNewMessage(LOG_NOTICE, 'Deleted DN: ' . $dn);
} }
return $errors; return $errors;
} }
@ -1483,7 +1481,6 @@ function getCallingURL($baseUrl = '') {
elseif (!empty($_SERVER['HTTP_REFERER'])) { elseif (!empty($_SERVER['HTTP_REFERER'])) {
$url = $_SERVER['HTTP_REFERER']; $url = $_SERVER['HTTP_REFERER'];
} }
logNewMessage(LOG_DEBUG, 'Calling URL detected as ' . $url);
return $url; return $url;
} }
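Review bot: The LDAP write path in deleteDN no longer records which logged-in user performed the operation: the two logNewMessage calls in this hunk drop the `[<dn>]` prefix together with the removed decrypt_login() call, so the LOG_ERR and LOG_NOTICE entries for a deleted DN can no longer be attributed to an actor from the log alone. Unless logNewMessage now attaches the session user itself (not visible here), keep the attribution through the replacement accessor, e.g. `logNewMessage(LOG_NOTICE, '[' . $_SESSION['ldap']->getUserName() . '] Deleted DN: ' . $dn);` and the same prefix on the error line. The same loss of actor attribution appears in the accountContainer save hunks of modules.inc, in inetOrgPerson's addressbook creation, in nisMailAliasUser::postModifyActions and in the nisNetGroupUser modification hunks, where the `$ldapUser` assignments were removed as well. deleteDN's body starts above the hunk.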


@ -101,12 +101,12 @@ foreach ($toSort as $key => $value) {
</td> </td>
<td align="left" height="30" class="nowrap header-user-label"> <td align="left" height="30" class="nowrap header-user-label">
<?php <?php
$userData = $_SESSION['ldap']->decrypt_login(); $userData = $_SESSION['ldap']->getUserName();
$userName = extractRDNValue($userData[0]); $userName = extractRDNValue($userData);
?> ?>
<span class="hide-on-mobile"> <span class="hide-on-mobile">
<?php <?php
echo '&nbsp;&nbsp;<small title="' . $userData[0] . '">'; echo '&nbsp;&nbsp;<small title="' . $userData . '">';
$serverProfileLabel = $_SESSION['config']->getName() . ' - '; $serverProfileLabel = $_SESSION['config']->getName() . ' - ';
$serverProfileNames = getConfigProfiles(); $serverProfileNames = getConfigProfiles();
if (sizeof($serverProfileNames) < 2) { if (sizeof($serverProfileNames) < 2) {
@ -118,7 +118,7 @@ foreach ($toSort as $key => $value) {
</span> </span>
<span class="hide-on-tablet"> <span class="hide-on-tablet">
<?php <?php
echo '&nbsp;&nbsp;<small title="' . $userData[0] . '">'; echo '&nbsp;&nbsp;<small title="' . $userData . '">';
echo $userName; echo $userName;
echo '</small>'; echo '</small>';
?> ?>
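Review bot: The login DN is written into an HTML attribute without escaping in both `echo '&nbsp;&nbsp;<small title="' . $userData . '">';` lines, and `echo $userName;` prints the extracted RDN value into the text node unescaped too; the commit only changes where the value comes from, not how it is emitted. A DN is free text from the login form or from an LDAP search result and may legitimately contain `"`, `<` or `&`, so encode at the output point: `echo '&nbsp;&nbsp;<small title="' . htmlspecialchars($userData, ENT_QUOTES, 'UTF-8') . '">';` and `echo htmlspecialchars($userName, ENT_QUOTES, 'UTF-8');`. The value shown is the current user's own name, which limits the impact, but consistent attribute-context escaping in the header template avoids the pattern being copied elsewhere.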


@ -1,9 +1,8 @@
<?php <?php
/* /*
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2018 Roland Gruber Copyright (C) 2003 - 2019 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -99,9 +98,13 @@ class Ldap{
return $return; return $return;
} }
// return error number // return error number
else return ldap_errno($this->server); else {
return ldap_errno($this->server);
}
}
else {
return false;
} }
else return false;
} }
/** Closes connection to server */ /** Closes connection to server */
@ -118,8 +121,7 @@ class Ldap{
*/ */
public function server() { public function server() {
if (!$this->is_connected) { if (!$this->is_connected) {
$data = $this->decrypt_login(); $this->connect($this->getUserName(), $this->getPassword());
$this->connect($data[0], $data[1]);
$this->is_connected = true; $this->is_connected = true;
} }
return $this->server; return $this->server;
@ -179,19 +181,6 @@ class Ldap{
$this->password = base64_encode(lamEncrypt($password)); $this->password = base64_encode(lamEncrypt($password));
} }
/**
* Decrypts username and password
*
* @return array array(user name, password)
*/
public function decrypt_login() {
// decrypt username and password
$username = lamDecrypt(base64_decode($this->username));
$password = lamDecrypt(base64_decode($this->password));
$ret = array($username, $password);
return $ret;
}
/** /**
* Returns the LDAP user name. * Returns the LDAP user name.
* *
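Review bot: In server() the result of the new `$this->connect($this->getUserName(), $this->getPassword());` call is discarded and `$this->is_connected = true;` is set unconditionally, although the preceding hunk shows connect() returning an `ldap_errno()` value on a failed bind and `false` otherwise. A failed reconnect therefore marks the session as connected and every later server() call hands out the same handle, which surfaces only as confusing errors from the subsequent ldap_* calls. Consider capturing the return value and setting the flag only on success, or documenting above the call why a failed re-bind is acceptable here; if the intended contract is unclear, a comment such as `// connect() failures are not checked here; callers see them via ldap_error() on the handle` at least makes that explicit. server() opens in this hunk but its closing brace lies outside it.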


@ -138,8 +138,8 @@ function get_ldap_filter($typeId) {
else { else {
$finalFilter = "(&" . implode("", $filters['and']) . ")"; $finalFilter = "(&" . implode("", $filters['and']) . ")";
} }
$loginData = $_SESSION['ldap']->decrypt_login(); $loginData = $_SESSION['ldap']->getUserName();
return str_replace('@@LOGIN_DN@@', $loginData[0], $finalFilter); return str_replace('@@LOGIN_DN@@', $loginData, $finalFilter);
} }
/** /**
@ -186,7 +186,9 @@ function getRDNAttributes($typeId, $selectedModules=null) {
// merge arrays // merge arrays
$return = array_values(array_unique($attrs_high)); $return = array_values(array_unique($attrs_high));
for ($i = 0; $i < sizeof($attrs_normal); $i++) { for ($i = 0; $i < sizeof($attrs_normal); $i++) {
if (!in_array($attrs_normal[$i], $return)) $return[] = $attrs_normal[$i]; if (!in_array($attrs_normal[$i], $return)) {
$return[] = $attrs_normal[$i];
}
} }
for ($i = 0; $i < sizeof($attrs_low); $i++) { for ($i = 0; $i < sizeof($attrs_low); $i++) {
if (!in_array($attrs_low[$i], $return)) { if (!in_array($attrs_low[$i], $return)) {
@ -1812,8 +1814,6 @@ class accountContainer {
} }
$this->finalDN = $this->dn_orig; $this->finalDN = $this->dn_orig;
$errors = array(); $errors = array();
$ldapUser = $_SESSION['ldap']->decrypt_login();
$ldapUser = $ldapUser[0];
$module = array_keys($this->module); $module = array_keys($this->module);
$attributes = array(); $attributes = array();
// load attributes // load attributes
@ -1958,7 +1958,7 @@ class accountContainer {
logNewMessage(LOG_DEBUG, 'Rename ' . $this->dn_orig . ' to ' . $this->finalDN); logNewMessage(LOG_DEBUG, 'Rename ' . $this->dn_orig . ' to ' . $this->finalDN);
$success = ldap_rename($_SESSION['ldap']->server(), $this->dn_orig, $this->getRDN($this->finalDN), $this->getParentDN($this->finalDN), $removeOldRDN); $success = ldap_rename($_SESSION['ldap']->server(), $this->dn_orig, $this->getRDN($this->finalDN), $this->getParentDN($this->finalDN), $removeOldRDN);
if ($success) { if ($success) {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Renamed DN ' . $this->dn_orig . " to " . $this->finalDN); logNewMessage(LOG_NOTICE, 'Renamed DN ' . $this->dn_orig . " to " . $this->finalDN);
// do not add attribute value as new one if added via rename operation // do not add attribute value as new one if added via rename operation
if (!empty($attributes[$this->finalDN]['add'][$rdnAttr]) && in_array(extractRDNValue($this->finalDN), $attributes[$this->finalDN]['add'][$rdnAttr])) { if (!empty($attributes[$this->finalDN]['add'][$rdnAttr]) && in_array(extractRDNValue($this->finalDN), $attributes[$this->finalDN]['add'][$rdnAttr])) {
$attributes[$this->finalDN]['add'][$rdnAttr] = array_delete(array(extractRDNValue($this->finalDN)), $attributes[$this->finalDN]['add'][$rdnAttr]); $attributes[$this->finalDN]['add'][$rdnAttr] = array_delete(array(extractRDNValue($this->finalDN)), $attributes[$this->finalDN]['add'][$rdnAttr]);
@ -1968,7 +1968,7 @@ class accountContainer {
} }
} }
else { else {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to rename DN: ' . $this->dn_orig . ' (' . ldap_error($_SESSION['ldap']->server()) . '). ' logNewMessage(LOG_ERR, 'Unable to rename DN: ' . $this->dn_orig . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server())); . getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
$errors[] = array('ERROR', sprintf(_('Was unable to rename DN: %s.'), $this->dn_orig), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $errors[] = array('ERROR', sprintf(_('Was unable to rename DN: %s.'), $this->dn_orig), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
$stopprocessing = true; $stopprocessing = true;
@ -1988,13 +1988,13 @@ class accountContainer {
} }
$success = @ldap_add($_SESSION['ldap']->server(), $this->finalDN, $attr); $success = @ldap_add($_SESSION['ldap']->server(), $this->finalDN, $attr);
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to create DN: ' . $this->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . '). ' logNewMessage(LOG_ERR, 'Unable to create DN: ' . $this->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server())); . getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
$errors[] = array('ERROR', sprintf(_('Was unable to create DN: %s.'), $this->finalDN), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $errors[] = array('ERROR', sprintf(_('Was unable to create DN: %s.'), $this->finalDN), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
$stopprocessing = true; $stopprocessing = true;
} }
else { else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Created DN: ' . $this->finalDN); logNewMessage(LOG_NOTICE, 'Created DN: ' . $this->finalDN);
} }
unset($attributes[$this->finalDN]); unset($attributes[$this->finalDN]);
} }
@ -2007,16 +2007,16 @@ class accountContainer {
if (!empty($attributes[$DNs[$i]]['modify']) && !$stopprocessing) { if (!empty($attributes[$DNs[$i]]['modify']) && !$stopprocessing) {
$success = @ldap_mod_replace($_SESSION['ldap']->server(), $DNs[$i], $attributes[$DNs[$i]]['modify']); $success = @ldap_mod_replace($_SESSION['ldap']->server(), $DNs[$i], $attributes[$DNs[$i]]['modify']);
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to modify attributes of DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). ' logNewMessage(LOG_ERR, 'Unable to modify attributes of DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server())); . getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
$errors[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $DNs[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $errors[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $DNs[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
$stopprocessing = true; $stopprocessing = true;
} }
else { else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Modified DN: ' . $DNs[$i]); logNewMessage(LOG_NOTICE, 'Modified DN: ' . $DNs[$i]);
// check if the password of the currently logged in user was changed // check if the password of the currently logged in user was changed
$lamAdmin = $_SESSION['ldap']->decrypt_login(); $lamAdmin = $_SESSION['ldap']->getUserName();
if ((strtolower($DNs[$i]) == strtolower($lamAdmin[0])) && isset($attributes[$DNs[$i]]['info']['userPasswordClearText'][0])) { if ((strtolower($DNs[$i]) == strtolower($lamAdmin)) && isset($attributes[$DNs[$i]]['info']['userPasswordClearText'][0])) {
$_SESSION['ldap']->encrypt_login($DNs[$i], $attributes[$DNs[$i]]['info']['userPasswordClearText'][0]); $_SESSION['ldap']->encrypt_login($DNs[$i], $attributes[$DNs[$i]]['info']['userPasswordClearText'][0]);
} }
} }
@ -2025,26 +2025,26 @@ class accountContainer {
if (!empty($attributes[$DNs[$i]]['add']) && !$stopprocessing) { if (!empty($attributes[$DNs[$i]]['add']) && !$stopprocessing) {
$success = @ldap_mod_add($_SESSION['ldap']->server(), $DNs[$i], $attributes[$DNs[$i]]['add']); $success = @ldap_mod_add($_SESSION['ldap']->server(), $DNs[$i], $attributes[$DNs[$i]]['add']);
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add attributes to DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). ' logNewMessage(LOG_ERR, 'Unable to add attributes to DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server())); . getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
$errors[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $DNs[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $errors[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $DNs[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
$stopprocessing = true; $stopprocessing = true;
} }
else { else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Modified DN: ' . $DNs[$i]); logNewMessage(LOG_NOTICE, 'Modified DN: ' . $DNs[$i]);
} }
} }
// remove attributes // remove attributes
if (!empty($attributes[$DNs[$i]]['remove']) && !$stopprocessing) { if (!empty($attributes[$DNs[$i]]['remove']) && !$stopprocessing) {
$success = @ldap_mod_del($_SESSION['ldap']->server(), $DNs[$i], $attributes[$DNs[$i]]['remove']); $success = @ldap_mod_del($_SESSION['ldap']->server(), $DNs[$i], $attributes[$DNs[$i]]['remove']);
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete attributes from DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). ' logNewMessage(LOG_ERR, 'Unable to delete attributes from DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server())); . getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
$errors[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $DNs[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $errors[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $DNs[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
$stopprocessing = true; $stopprocessing = true;
} }
else { else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Modified DN: ' . $DNs[$i]); logNewMessage(LOG_NOTICE, 'Modified DN: ' . $DNs[$i]);
} }
} }
} }
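Review bot: In get_ldap_filter the login DN returned by getUserName() is substituted into the search filter with `str_replace('@@LOGIN_DN@@', $loginData, $finalFilter)` without LDAP filter escaping; the commit changes only the accessor. Characters such as `(`, `)`, `*` and `\` are legal inside a DN, and a DN containing one of them produces a syntactically broken or differently-matching filter, so escape at the substitution point: `return str_replace('@@LOGIN_DN@@', ldap_escape($loginData, '', LDAP_ESCAPE_FILTER), $finalFilter);`. ldap_escape() is available from PHP 5.6 onward, and get_ldap_filter's body begins above the hunk.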


@ -663,8 +663,7 @@ class asteriskExtension extends baseModule {
* @return String owner * @return String owner
*/ */
function getDefaultExtensionOwner(){ function getDefaultExtensionOwner(){
$credentials = $_SESSION['ldap']->decrypt_login(); return $_SESSION['ldap']->getUserName();
return $credentials[0];
} }
/** /**


@ -3,7 +3,7 @@
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2010 - 2011 Pavel Pozdniak Copyright (C) 2010 - 2011 Pavel Pozdniak
2010 - 2018 Roland Gruber 2010 - 2019 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -248,7 +248,6 @@ class imapAccess extends baseModule {
$return->addElement(new htmlHelpLink('MailAddress'), true); $return->addElement(new htmlHelpLink('MailAddress'), true);
$return->addElement(new htmlSpacer(null, '10px'), true); $return->addElement(new htmlSpacer(null, '10px'), true);
$is_mailbox_exist = false; //default is false
$list = imap_list($mbox, "{" . $imap_server_address . "}", $prefix . $this->getSep() . $this->user); $list = imap_list($mbox, "{" . $imap_server_address . "}", $prefix . $this->getSep() . $this->user);
if (is_array($list) && sizeof($list) == 1) { if (is_array($list) && sizeof($list) == 1) {
$this->renderQuotasForMailbox($return, $mbox, $prefix . $this->getSep() . $this->user); $this->renderQuotasForMailbox($return, $mbox, $prefix . $this->getSep() . $this->user);
@ -550,10 +549,9 @@ class imapAccess extends baseModule {
*/ */
public function check_configOptions($typeIds, &$options) { public function check_configOptions($typeIds, &$options) {
$errors = parent::check_configOptions($typeIds, $options); $errors = parent::check_configOptions($typeIds, $options);
if ($options['ImapAccess_ImapAdminPasswordSelect'][0] == 'config') { if (($options['ImapAccess_ImapAdminPasswordSelect'][0] == 'config')
if (empty($options['ImapAccess_ImapAdminPassword'][0])) { && empty($options['ImapAccess_ImapAdminPassword'][0])) {
$errors[] = $this->messages['config'][2]; $errors[] = $this->messages['config'][2];
}
} }
return $errors; return $errors;
} }
@ -582,8 +580,7 @@ class imapAccess extends baseModule {
$attrNames = array_values(array_unique($attrNames)); $attrNames = array_values(array_unique($attrNames));
$attrNames = array_change_key_case($attrNames, CASE_LOWER); $attrNames = array_change_key_case($attrNames, CASE_LOWER);
// read LAM login user data // read LAM login user data
$data = $_SESSION['ldap']->decrypt_login(); $dn = $_SESSION['ldap']->getUserName();
$dn = $data[0];
$sr = @ldap_read($_SESSION['ldap']->server(), $dn, '(objectclass=*)', $attrNames, 0, 0, 0, LDAP_DEREF_NEVER); $sr = @ldap_read($_SESSION['ldap']->server(), $dn, '(objectclass=*)', $attrNames, 0, 0, 0, LDAP_DEREF_NEVER);
if ($sr) { if ($sr) {
$info = @ldap_get_entries($_SESSION['ldap']->server(), $sr); $info = @ldap_get_entries($_SESSION['ldap']->server(), $sr);
@ -617,8 +614,7 @@ class imapAccess extends baseModule {
$imap_admin_password = lamDecrypt($_SESSION['imapAdmPass']); $imap_admin_password = lamDecrypt($_SESSION['imapAdmPass']);
} }
elseif (isset($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0]) && ($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0] == "lam_user_pass")) { elseif (isset($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0]) && ($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0] == "lam_user_pass")) {
$credentials = $_SESSION['ldap']->decrypt_login(); $imap_admin_password = $_SESSION['ldap']->getPassword();
$imap_admin_password = $credentials[1];
} }
elseif (!empty($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0]) && ($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0] == "config") elseif (!empty($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0]) && ($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0] == "config")
&& !empty($this->moduleSettings['ImapAccess_ImapAdminPassword'][0])) { && !empty($this->moduleSettings['ImapAccess_ImapAdminPassword'][0])) {
@ -678,8 +674,7 @@ class imapAccess extends baseModule {
else { else {
$validate_opt = "validate-cert"; $validate_opt = "validate-cert";
} }
$imap_server_address = $imap_server_name . ":" . $imap_port_number . "/" . $imap_encryption_protocol . "/" . $validate_opt; return $imap_server_name . ":" . $imap_port_number . "/" . $imap_encryption_protocol . "/" . $validate_opt;
return $imap_server_address;
} }
/** /**


@ -6,7 +6,7 @@ use LAM\PDF\PDFImage;
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Tilo Lutz Copyright (C) 2003 - 2006 Tilo Lutz
2005 - 2018 Roland Gruber 2005 - 2019 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -928,19 +928,17 @@ class inetOrgPerson extends baseModule implements passwordService {
$dn = 'ou=addressbook,' . $accountContainer->finalDN; $dn = 'ou=addressbook,' . $accountContainer->finalDN;
$result = ldapGetDN($dn); $result = ldapGetDN($dn);
if (empty($result)) { if (empty($result)) {
$ldapUser = $_SESSION['ldap']->decrypt_login();
$ldapUser = $ldapUser[0];
$attrs = array( $attrs = array(
'objectClass' => array('organizationalUnit'), 'objectClass' => array('organizationalUnit'),
'ou' => 'addressbook' 'ou' => 'addressbook'
); );
$success = @ldap_add($_SESSION['ldap']->server(), $dn, $attrs); $success = @ldap_add($_SESSION['ldap']->server(), $dn, $attrs);
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add addressbook for user ' . $accountContainer->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); logNewMessage(LOG_ERR, 'Unable to add addressbook for user ' . $accountContainer->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
$messages[] = array('ERROR', sprintf(_("Was unable to create DN: %s."), htmlspecialchars($dn)), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $messages[] = array('ERROR', sprintf(_("Was unable to create DN: %s."), htmlspecialchars($dn)), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
} }
else { else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added addressbook for user ' . $accountContainer->finalDN); logNewMessage(LOG_NOTICE, 'Added addressbook for user ' . $accountContainer->finalDN);
} }
} }
} }


@ -1,10 +1,9 @@
<?php <?php
use \LAM\TYPES\TypeManager; use \LAM\TYPES\TypeManager;
/* /*
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2014 - 2017 Roland Gruber Copyright (C) 2014 - 2019 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -175,7 +174,6 @@ class nisMailAliasUser extends baseModule {
$label->colspan = 5; $label->colspan = 5;
$mailTable->addElement($label, true); $mailTable->addElement($label, true);
} }
$found = false;
for ($i = 0; $i < $count; $i++) { for ($i = 0; $i < $count; $i++) {
if (empty($aliases[$i]['rfc822mailmember'])) { if (empty($aliases[$i]['rfc822mailmember'])) {
continue; continue;
@ -185,7 +183,6 @@ class nisMailAliasUser extends baseModule {
if (in_array($mails[$m], $members) if (in_array($mails[$m], $members)
&& (!isset($this->recipientsToDelete[$dn]) || !in_array($mails[$m], $this->recipientsToDelete[$dn])) && (!isset($this->recipientsToDelete[$dn]) || !in_array($mails[$m], $this->recipientsToDelete[$dn]))
&& !in_array($dn, $this->aliasesToDelete)) { && !in_array($dn, $this->aliasesToDelete)) {
$found = true;
$mailTable->addSpace('5px'); $mailTable->addSpace('5px');
$mailTable->addElement(new htmlOutputText($aliases[$i]['cn'][0])); $mailTable->addElement(new htmlOutputText($aliases[$i]['cn'][0]));
$buttonGroup = new htmlGroup(); $buttonGroup = new htmlGroup();
@ -334,7 +331,6 @@ class nisMailAliasUser extends baseModule {
function display_html_add() { function display_html_add() {
$return = new htmlTable(); $return = new htmlTable();
$aliases = $this->getMailAliasList(); $aliases = $this->getMailAliasList();
$count = sizeof($aliases);
$userName = $this->getUserName(); $userName = $this->getUserName();
$mails = $this->getMailAddresses(); $mails = $this->getMailAddresses();
$recipient = null; $recipient = null;
@ -411,7 +407,6 @@ class nisMailAliasUser extends baseModule {
*/ */
function process_add() { function process_add() {
$errors = array(); $errors = array();
$mails = $this->getMailAddresses();
// create new alias entry // create new alias entry
if (isset($_POST['form_subpage_' . get_class($this) . '_attributes_create'])) { if (isset($_POST['form_subpage_' . get_class($this) . '_attributes_create'])) {
if (empty($_POST['new_cn']) || !get_preg($_POST['new_cn'], 'nis_alias')) { if (empty($_POST['new_cn']) || !get_preg($_POST['new_cn'], 'nis_alias')) {
@ -421,7 +416,7 @@ class nisMailAliasUser extends baseModule {
// build new alias entry // build new alias entry
$newDN = 'cn=' . $_POST['new_cn'] . ',' . $_POST['new_ou']; $newDN = 'cn=' . $_POST['new_cn'] . ',' . $_POST['new_ou'];
$found = false; $found = false;
foreach ($this->cachedAliasList as $key => $attrs) { foreach ($this->cachedAliasList as $attrs) {
if ($attrs['dn'] == $newDN) { if ($attrs['dn'] == $newDN) {
$found = true; $found = true;
break; break;
@ -471,28 +466,26 @@ class nisMailAliasUser extends baseModule {
*/ */
public function postModifyActions($newAccount, $attributes) { public function postModifyActions($newAccount, $attributes) {
$errors = array(); $errors = array();
$ldapUser = $_SESSION['ldap']->decrypt_login();
$ldapUser = $ldapUser[0];
// delete complete aliases // delete complete aliases
foreach ($this->aliasesToDelete as $dn) { foreach ($this->aliasesToDelete as $dn) {
$success = @ldap_delete($_SESSION['ldap']->server(), $dn); $success = @ldap_delete($_SESSION['ldap']->server(), $dn);
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); logNewMessage(LOG_ERR, 'Unable to delete ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
$errors[] = array('ERROR', sprintf(_('Was unable to delete DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $errors[] = array('ERROR', sprintf(_('Was unable to delete DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
} }
else { else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Removed ' . $dn); logNewMessage(LOG_NOTICE, 'Removed ' . $dn);
} }
} }
// delete recipient entries // delete recipient entries
foreach ($this->recipientsToDelete as $dn => $recipients) { foreach ($this->recipientsToDelete as $dn => $recipients) {
$success = @ldap_mod_del($_SESSION['ldap']->server(), $dn, array('rfc822mailmember' => $recipients)); $success = @ldap_mod_del($_SESSION['ldap']->server(), $dn, array('rfc822mailmember' => $recipients));
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to remove recipients ' . implode(', ', $recipients) . ' from ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); logNewMessage(LOG_ERR, 'Unable to remove recipients ' . implode(', ', $recipients) . ' from ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
$errors[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $errors[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
} }
else { else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Removed recipients ' . implode(', ', $recipients) . ' from ' . $dn); logNewMessage(LOG_NOTICE, 'Removed recipients ' . implode(', ', $recipients) . ' from ' . $dn);
} }
} }
// create new aliases // create new aliases
@ -500,22 +493,22 @@ class nisMailAliasUser extends baseModule {
unset($attrs['dn']); unset($attrs['dn']);
$success = @ldap_add($_SESSION['ldap']->server(), $dn, $attrs); $success = @ldap_add($_SESSION['ldap']->server(), $dn, $attrs);
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to create mail alias ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); logNewMessage(LOG_ERR, 'Unable to create mail alias ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
$errors[] = array('ERROR', sprintf(_('Was unable to create DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $errors[] = array('ERROR', sprintf(_('Was unable to create DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
} }
else { else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added mail alias with recipients ' . implode(', ', $attrs['rfc822mailmember']) . ' and DN ' . $dn); logNewMessage(LOG_NOTICE, 'Added mail alias with recipients ' . implode(', ', $attrs['rfc822mailmember']) . ' and DN ' . $dn);
} }
} }
// add recipients // add recipients
foreach ($this->recipientsToAdd as $dn => $recipients) { foreach ($this->recipientsToAdd as $dn => $recipients) {
$success = @ldap_mod_add($_SESSION['ldap']->server(), $dn, array('rfc822mailmember' => $recipients)); $success = @ldap_mod_add($_SESSION['ldap']->server(), $dn, array('rfc822mailmember' => $recipients));
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add recipients ' . implode(', ', $recipients) . ' to ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); logNewMessage(LOG_ERR, 'Unable to add recipients ' . implode(', ', $recipients) . ' to ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
$errors[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $errors[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
} }
else { else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added recipients ' . implode(', ', $recipients) . ' to ' . $dn); logNewMessage(LOG_NOTICE, 'Added recipients ' . implode(', ', $recipients) . ' to ' . $dn);
} }
} }
return $errors; return $errors;
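Review bot: In process_add the new alias DN is assembled as `$newDN = 'cn=' . $_POST['new_cn'] . ',' . $_POST['new_ou'];` where `new_cn` is checked by get_preg on the line before, but `new_ou` is taken from the request as-is within this hunk; the commit only tidies the `foreach` that follows. If the lines above the hunk do not already verify `new_ou` against the OU list the form offered, a submitted value outside that list would place the new alias entry under an arbitrary base the user can name, and the later existence check against `$this->cachedAliasList` would not catch it. A strict `in_array($_POST['new_ou'], <allowed OU list>, true)` guard next to the `new_cn` validation, or reusing the list display_html_add builds, closes that gap. process_add's body starts above the hunk, so this may already be handled there.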


@ -6,7 +6,7 @@ use \LAM\TYPES\TypeManager;
/* /*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2015 - 2018 Roland Gruber Copyright (C) 2015 - 2019 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -315,8 +315,6 @@ class nisNetGroupUser extends baseModule {
if (empty($uid)) { if (empty($uid)) {
return array(); return array();
} }
$ldapUser = $_SESSION['ldap']->decrypt_login();
$ldapUser = $ldapUser[0];
$messages = array(); $messages = array();
// calculate differences // calculate differences
$toRem = $this->groupsOrig; $toRem = $this->groupsOrig;
@ -370,7 +368,7 @@ class nisNetGroupUser extends baseModule {
); );
$success = @ldap_mod_replace($_SESSION['ldap']->server(), $dn, $attributes); $success = @ldap_mod_replace($_SESSION['ldap']->server(), $dn, $attributes);
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to modify attributes of DN: ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); logNewMessage(LOG_ERR, 'Unable to modify attributes of DN: ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
$messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
} }
} }
@ -397,8 +395,6 @@ class nisNetGroupUser extends baseModule {
if (empty($uid)) { if (empty($uid)) {
return array(); return array();
} }
$ldapUser = $_SESSION['ldap']->decrypt_login();
$ldapUser = $ldapUser[0];
$return = array(); $return = array();
// remove from NIS netgroups // remove from NIS netgroups
$changes = array(); $changes = array();
@ -419,7 +415,7 @@ class nisNetGroupUser extends baseModule {
); );
$success = @ldap_mod_replace($_SESSION['ldap']->server(), $dn, $attributes); $success = @ldap_mod_replace($_SESSION['ldap']->server(), $dn, $attributes);
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to modify attributes of DN: ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); logNewMessage(LOG_ERR, 'Unable to modify attributes of DN: ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
$messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
} }
} }


@ -601,7 +601,6 @@ class posixAccount extends baseModule implements passwordService {
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions) * <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/ */
function save_attributes() { function save_attributes() {
$typeId = $this->getAccountContainer()->get_type()->getId();
if (!$this->skipObjectClass() && (!in_array('posixAccount', $this->attributes['objectClass']) && !in_array('posixAccount', $this->orig['objectClass']))) { if (!$this->skipObjectClass() && (!in_array('posixAccount', $this->attributes['objectClass']) && !in_array('posixAccount', $this->orig['objectClass']))) {
// skip saving if the extension was not added/modified // skip saving if the extension was not added/modified
return array(); return array();
@ -656,7 +655,7 @@ class posixAccount extends baseModule implements passwordService {
$add = array_delete($this->groups_orig, $this->groups); $add = array_delete($this->groups_orig, $this->groups);
$remove = array_delete($this->groups, $this->groups_orig); $remove = array_delete($this->groups, $this->groups_orig);
$groupList = searchLDAPByAttribute('cn', '*', 'posixGroup', array('cn', 'dn'), array('group')); $groupList = searchLDAPByAttribute('cn', '*', 'posixGroup', array('cn', 'dn'), array('group'));
$dn2cn = array(); $cn2dn = array();
for ($i = 0; $i < sizeof($groupList); $i++) { for ($i = 0; $i < sizeof($groupList); $i++) {
$cn2dn[$groupList[$i]['cn'][0]] = $groupList[$i]['dn']; $cn2dn[$groupList[$i]['cn'][0]] = $groupList[$i]['dn'];
} }
@ -815,8 +814,6 @@ class posixAccount extends baseModule implements passwordService {
$gons = $this->findGroupOfNames(); $gons = $this->findGroupOfNames();
$toAdd = array_values(array_diff($this->gonList, $this->gonList_orig)); $toAdd = array_values(array_diff($this->gonList, $this->gonList_orig));
$toRem = array_values(array_diff($this->gonList_orig, $this->gonList)); $toRem = array_values(array_diff($this->gonList_orig, $this->gonList));
$ldapUser = $_SESSION['ldap']->decrypt_login();
$ldapUser = $ldapUser[0];
// update groups if DN changed // update groups if DN changed
if (isset($accountContainer->dn_orig) && ($accountContainer->dn_orig != $accountContainer->finalDN)) { if (isset($accountContainer->dn_orig) && ($accountContainer->dn_orig != $accountContainer->finalDN)) {
// update owner/member/uniqueMember attributes // update owner/member/uniqueMember attributes
@ -837,7 +834,7 @@ class posixAccount extends baseModule implements passwordService {
$success = @ldap_mod_replace($_SESSION['ldap']->server(), $ownerGroups[$i]['dn'], array($searchAttr => $newOwners)); $success = @ldap_mod_replace($_SESSION['ldap']->server(), $ownerGroups[$i]['dn'], array($searchAttr => $newOwners));
if (!$success) { if (!$success) {
$ldapError = getDefaultLDAPErrorString($_SESSION['ldap']->server()); $ldapError = getDefaultLDAPErrorString($_SESSION['ldap']->server());
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to modify attributes of DN: ' . $ownerGroups[$i]['dn'] . ' (' . $ldapError . ').'); logNewMessage(LOG_ERR, 'Unable to modify attributes of DN: ' . $ownerGroups[$i]['dn'] . ' (' . $ldapError . ').');
$messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $ownerGroups[$i]['dn']), $ldapError); $messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $ownerGroups[$i]['dn']), $ldapError);
} }
} }
@ -853,11 +850,11 @@ class posixAccount extends baseModule implements passwordService {
} }
$success = @ldap_mod_add($_SESSION['ldap']->server(), $toAdd[$i], array($attrName => array($accountContainer->finalDN))); $success = @ldap_mod_add($_SESSION['ldap']->server(), $toAdd[$i], array($attrName => array($accountContainer->finalDN)));
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add user ' . $accountContainer->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); logNewMessage(LOG_ERR, 'Unable to add user ' . $accountContainer->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
$messages[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $toAdd[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $messages[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $toAdd[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
} }
else { else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added user ' . $accountContainer->finalDN . ' to group: ' . $toAdd[$i]); logNewMessage(LOG_NOTICE, 'Added user ' . $accountContainer->finalDN . ' to group: ' . $toAdd[$i]);
} }
} }
} }
@ -870,11 +867,11 @@ class posixAccount extends baseModule implements passwordService {
} }
$success = @ldap_mod_del($_SESSION['ldap']->server(), $toRem[$i], array($attrName => array($accountContainer->dn_orig))); $success = @ldap_mod_del($_SESSION['ldap']->server(), $toRem[$i], array($attrName => array($accountContainer->dn_orig)));
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete user ' . $accountContainer->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); logNewMessage(LOG_ERR, 'Unable to delete user ' . $accountContainer->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
$messages[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $toRem[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $messages[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $toRem[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
} }
else { else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Removed user ' . $accountContainer->finalDN . ' from group: ' . $toRem[$i]); logNewMessage(LOG_NOTICE, 'Removed user ' . $accountContainer->finalDN . ' from group: ' . $toRem[$i]);
} }
} }
} }
@ -3385,10 +3382,10 @@ class posixAccount extends baseModule implements passwordService {
} }
return true; return true;
} }
/** /**
* Returns if the module manages the password attribute. * Returns if the module manages the password attribute.
* *
* @param string $typeId account type id * @param string $typeId account type id
* @return boolean manages password * @return boolean manages password
*/ */
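Review bot: The `$typeId` assignment is dropped at the top of save_attributes() in the 601 hunk while the method's body runs far past the hunk; if `$typeId` is still referenced further down this leaves an undefined variable, so it is worth confirming nothing below the hunk uses it. The `$dn2cn` → `$cn2dn` initialisation fix in the 655 hunk is a genuine correction unrelated to the PR title and deserves a mention in the description. In the 834 hunk the failure branch hoists `$ldapError = getDefaultLDAPErrorString(...)` and reuses it for both the log line and the message, whereas the 850 and 867 hunks log `ldap_error(...)` and then call `getDefaultLDAPErrorString(...)` separately; using the hoisted form in all three keeps the reported error consistent between log and UI.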


@ -4,10 +4,9 @@ use \LAM\PDF\PDFTableCell;
use \LAM\PDF\PDFTableRow; use \LAM\PDF\PDFTableRow;
use \LAM\TYPES\TypeManager; use \LAM\TYPES\TypeManager;
/* /*
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2013 - 2017 Roland Gruber Copyright (C) 2013 - 2019 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -1036,18 +1035,16 @@ class windowsGroup extends baseModule {
$toAdd = array_values(array_diff($this->attributes['memberOf'], $this->orig['memberOf'])); $toAdd = array_values(array_diff($this->attributes['memberOf'], $this->orig['memberOf']));
$toRem = array_values(array_diff($this->orig['memberOf'], $this->attributes['memberOf'])); $toRem = array_values(array_diff($this->orig['memberOf'], $this->attributes['memberOf']));
$toUpdate = array_values(array_intersect($this->attributes['memberOf'], $this->orig['memberOf'])); $toUpdate = array_values(array_intersect($this->attributes['memberOf'], $this->orig['memberOf']));
$ldapUser = $_SESSION['ldap']->decrypt_login();
$ldapUser = $ldapUser[0];
// add groups // add groups
for ($i = 0; $i < sizeof($toAdd); $i++) { for ($i = 0; $i < sizeof($toAdd); $i++) {
if (in_array($toAdd[$i], $groups)) { if (in_array($toAdd[$i], $groups)) {
$success = @ldap_mod_add($_SESSION['ldap']->server(), $toAdd[$i], array('member' => array($this->getAccountContainer()->finalDN))); $success = @ldap_mod_add($_SESSION['ldap']->server(), $toAdd[$i], array('member' => array($this->getAccountContainer()->finalDN)));
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add group ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); logNewMessage(LOG_ERR, 'Unable to add group ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
$messages[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $toAdd[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $messages[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $toAdd[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
} }
else { else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added group ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i]); logNewMessage(LOG_NOTICE, 'Added group ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i]);
} }
} }
} }
@ -1056,11 +1053,11 @@ class windowsGroup extends baseModule {
if (in_array($toRem[$i], $groups)) { if (in_array($toRem[$i], $groups)) {
$success = @ldap_mod_del($_SESSION['ldap']->server(), $toRem[$i], array('member' => array($this->getAccountContainer()->dn_orig))); $success = @ldap_mod_del($_SESSION['ldap']->server(), $toRem[$i], array('member' => array($this->getAccountContainer()->dn_orig)));
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete group ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); logNewMessage(LOG_ERR, 'Unable to delete group ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
$messages[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $toRem[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $messages[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $toRem[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
} }
else { else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Removed group ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i]); logNewMessage(LOG_NOTICE, 'Removed group ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i]);
} }
} }
} }


@ -2171,18 +2171,16 @@ class windowsUser extends baseModule implements passwordService {
$groups = $this->findGroups(); $groups = $this->findGroups();
$toAdd = array_values(array_diff($this->groupList, $this->groupList_orig)); $toAdd = array_values(array_diff($this->groupList, $this->groupList_orig));
$toRem = array_values(array_diff($this->groupList_orig, $this->groupList)); $toRem = array_values(array_diff($this->groupList_orig, $this->groupList));
$ldapUser = $_SESSION['ldap']->decrypt_login();
$ldapUser = $ldapUser[0];
// add groups // add groups
for ($i = 0; $i < sizeof($toAdd); $i++) { for ($i = 0; $i < sizeof($toAdd); $i++) {
if (in_array($toAdd[$i], $groups)) { if (in_array($toAdd[$i], $groups)) {
$success = @ldap_mod_add($_SESSION['ldap']->server(), $toAdd[$i], array('member' => array($this->getAccountContainer()->finalDN))); $success = @ldap_mod_add($_SESSION['ldap']->server(), $toAdd[$i], array('member' => array($this->getAccountContainer()->finalDN)));
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add user ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); logNewMessage(LOG_ERR, 'Unable to add user ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
$messages[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $toAdd[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $messages[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $toAdd[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
} }
else { else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added user ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i]); logNewMessage(LOG_NOTICE, 'Added user ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i]);
} }
} }
} }
@ -2191,11 +2189,11 @@ class windowsUser extends baseModule implements passwordService {
if (in_array($toRem[$i], $groups)) { if (in_array($toRem[$i], $groups)) {
$success = @ldap_mod_del($_SESSION['ldap']->server(), $toRem[$i], array('member' => array($this->getAccountContainer()->dn_orig))); $success = @ldap_mod_del($_SESSION['ldap']->server(), $toRem[$i], array('member' => array($this->getAccountContainer()->dn_orig)));
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete user ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); logNewMessage(LOG_ERR, 'Unable to delete user ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
$messages[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $toRem[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $messages[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $toRem[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
} }
else { else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Removed user ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i]); logNewMessage(LOG_NOTICE, 'Removed user ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i]);
} }
} }
} }
@ -2204,7 +2202,7 @@ class windowsUser extends baseModule implements passwordService {
$attrs = array('pwdLastSet' => array($this->pwdLastSet)); $attrs = array('pwdLastSet' => array($this->pwdLastSet));
$success = @ldap_modify($_SESSION['ldap']->server(), $this->getAccountContainer()->finalDN, $attrs); $success = @ldap_modify($_SESSION['ldap']->server(), $this->getAccountContainer()->finalDN, $attrs);
if (!$success) { if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to change pwdLastSet for ' . $this->getAccountContainer()->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); logNewMessage(LOG_ERR, 'Unable to change pwdLastSet for ' . $this->getAccountContainer()->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
$messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $this->getAccountContainer()->finalDN), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $this->getAccountContainer()->finalDN), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
} }
} }


@ -101,10 +101,10 @@ class Remote {
*/ */
private function loginSSH($handle) { private function loginSSH($handle) {
$username = $_SESSION['config']->getScriptUserName(); $username = $_SESSION['config']->getScriptUserName();
$credentials = $_SESSION['ldap']->decrypt_login(); $ldapUser = $_SESSION['ldap']->getUserName();
if (empty($username)) { if (empty($username)) {
// get user name from current LAM user // get user name from current LAM user
$sr = @ldap_read($_SESSION['ldap']->server(), $credentials[0], "objectClass=posixAccount", array('uid'), 0, 0, 0, LDAP_DEREF_NEVER); $sr = @ldap_read($_SESSION['ldap']->server(), $ldapUser, "objectClass=posixAccount", array('uid'), 0, 0, 0, LDAP_DEREF_NEVER);
if ($sr) { if ($sr) {
$entry = @ldap_get_entries($_SESSION['ldap']->server(), $sr); $entry = @ldap_get_entries($_SESSION['ldap']->server(), $sr);
if (!empty($entry[0]['uid'])) { if (!empty($entry[0]['uid'])) {
@ -112,10 +112,10 @@ class Remote {
} }
} }
if (empty($username)) { if (empty($username)) {
throw new LAMException(sprintf(_("Your LAM admin user (%s) must be a valid Unix account to work with lamdaemon!"), getAbstractDN($credentials[0]))); throw new LAMException(sprintf(_("Your LAM admin user (%s) must be a valid Unix account to work with lamdaemon!"), getAbstractDN($ldapUser)));
} }
} }
$password = $credentials[1]; $password = $_SESSION['ldap']->getPassword();
$keyPath = $_SESSION['config']->getScriptSSHKey(); $keyPath = $_SESSION['config']->getScriptSSHKey();
if (!empty($keyPath)) { if (!empty($keyPath)) {
// use key authentication // use key authentication
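Review bot: `$password = $_SESSION['ldap']->getPassword();` is evaluated before the `$keyPath` check that follows it, so the admin's cleartext password is decrypted into a local even when key authentication is used and the password is never needed. Moving the call into the password-authentication branch (the one taken when `$keyPath` is empty, below this hunk) limits the window in which the secret is materialised, which is the benefit of splitting decrypt_login() into separate getters in the first place. loginSSH() continues past the hunk, so the exact placement depends on the branch structure below.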


@ -173,8 +173,8 @@ function checkClientIP() {
function logoffAndBackToLoginPage() { function logoffAndBackToLoginPage() {
// log message // log message
if (isset($_SESSION['ldap'])) { if (isset($_SESSION['ldap'])) {
$ldapUser = $_SESSION['ldap']->decrypt_login(); $ldapUser = $_SESSION['ldap']->getUserName();
logNewMessage(LOG_WARNING, 'Session of user ' . $ldapUser[0] . ' expired.'); logNewMessage(LOG_WARNING, 'Session of user ' . $ldapUser . ' expired.');
// close LDAP connection // close LDAP connection
@$_SESSION["ldap"]->destroy(); @$_SESSION["ldap"]->destroy();
} }
@ -270,7 +270,7 @@ function logNewMessage($level, $message) {
return; return;
} }
// ok to log, build log message // ok to log, build log message
$prefix = "LDAP Account Manager (" . session_id() . ' - ' . getClientIPForLogging() . ") - " . $possibleLevels[$level] . ": "; $prefix = "LDAP Account Manager (" . session_id() . ' - ' . getClientIPForLogging() . ' - ' . getLamLdapUser() . ") - " . $possibleLevels[$level] . ": ";
$message = $prefix . $message; $message = $prefix . $message;
// Syslog logging // Syslog logging
if ($cfg->logDestination == 'SYSLOG') { if ($cfg->logDestination == 'SYSLOG') {
@ -608,6 +608,21 @@ function getClientIPForLogging() {
return $ip; return $ip;
} }
/**
* Returns the login dn of the current user.
*
* @return string user DN
*/
function getLamLdapUser() {
if (isset($_SESSION['ldap'])) {
return $_SESSION['ldap']->getUserName();
}
elseif (isset($_SESSION['selfService_clientDN'])) {
return lamDecrypt($_SESSION['selfService_clientDN'], 'SelfService');
}
return '';
}
/** /**
* Adds a security token to the session to prevent CSRF attacks. * Adds a security token to the session to prevent CSRF attacks.
* *
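Review bot: In logoffAndBackToLoginPage the message `'Session of user ' . $ldapUser . ' expired.'` keeps the DN in the body even though logNewMessage now prepends getLamLdapUser() to every line, so the DN appears twice in each such entry; the other call sites in this PR (logout.php, the module classes) dropped the user from the body, and `logNewMessage(LOG_WARNING, 'Session expired.');` would match them. getLamLdapUser() runs lamDecrypt() on the self-service client DN for every log line; if lamDecrypt reports failures through logNewMessage this would recurse, which is worth checking. Its docblock should also state the empty-string case, e.g. `@return string user DN, or empty string when no LAM or self-service session exists`.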


@ -4,7 +4,6 @@ app_session_start();
$lamConfig = $_SESSION['config']; $lamConfig = $_SESSION['config'];
$lamCfgMain = $_SESSION['cfgMain']; $lamCfgMain = $_SESSION['cfgMain'];
$lamLdap = $_SESSION['ldap']; $lamLdap = $_SESSION['ldap'];
$lamLogin = $lamLdap->decrypt_login();
$servers = new Datastore(); $servers = new Datastore();
$servers->newServer('ldap_pla'); $servers->newServer('ldap_pla');
@ -12,8 +11,8 @@ $servers->setValue('server','name',null);
$servers->setValue('server','host',$lamConfig->get_ServerURL()); $servers->setValue('server','host',$lamConfig->get_ServerURL());
$servers->setValue('server','base',array($lamConfig->get_Suffix('tree'))); $servers->setValue('server','base',array($lamConfig->get_Suffix('tree')));
$servers->setValue('login','auth_type','config'); $servers->setValue('login','auth_type','config');
$servers->setValue('login','bind_id',$lamLogin[0]); $servers->setValue('login','bind_id', $lamLdap->getUserName());
$servers->setValue('login','bind_pass',$lamLogin[1]); $servers->setValue('login','bind_pass',$lamLdap->getPassword());
if ($lamConfig->getUseTLS() == 'yes') { if ($lamConfig->getUseTLS() == 'yes') {
$servers->setValue('server','tls',true); $servers->setValue('server','tls',true);
} }


@ -9,10 +9,9 @@ use \htmlSelect;
use \htmlInputField; use \htmlInputField;
use \htmlButton; use \htmlButton;
/* /*
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2017 Roland Gruber Copyright (C) 2017 - 2019 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -46,9 +45,7 @@ startSecureSession();
setlanguage(); setlanguage();
$config = $_SESSION['config']; $config = $_SESSION['config'];
$ldap = $_SESSION['ldap']; $password = $_SESSION['ldap']->getPassword();
$credentials = $ldap->decrypt_login();
$password = $credentials[1];
$user = $_SESSION['user2factor']; $user = $_SESSION['user2factor'];
if (get_preg($user, 'dn')) { if (get_preg($user, 'dn')) {
$user = extractRDNValue($user); $user = extractRDNValue($user);
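Review bot: The hunk drops `$ldap = $_SESSION['ldap'];` together with the decrypt_login() call but only re-introduces `$password`; if `$ldap` is referenced further down in this script (outside the hunk) it is now undefined. The password is also decrypted unconditionally at the top of the script; if only some of the code paths below need it, fetching it with `$_SESSION['ldap']->getPassword()` at the point of use keeps the cleartext secret shorter-lived.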


@ -1,9 +1,8 @@
<?php <?php
/* /*
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2018 Roland Gruber Copyright (C) 2003 - 2019 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -47,8 +46,7 @@ startSecureSession();
// log message // log message
if (isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] === true)) { if (isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] === true)) {
$ldapUser = $_SESSION['ldap']->decrypt_login(); logNewMessage(LOG_NOTICE, 'User logged off.');
logNewMessage(LOG_NOTICE, 'User ' . $ldapUser[0] . ' logged off.');
// close LDAP connection // close LDAP connection
if (!empty($_SESSION["ldap"])) { if (!empty($_SESSION["ldap"])) {
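Review bot: The guard `if (isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] === true))` on the context line above the changed log call uses `||`, so when the key is absent the right operand is still evaluated and raises an undefined-index notice, and when it is set to false the branch is still taken; the intent reads as `if (isset($_SESSION['loggedIn']) && ($_SESSION['loggedIn'] === true)) {`. The block continues past the hunk.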


@ -210,13 +210,13 @@ function lamRunTestSuite($serverName, $serverTitle, $testQuota, $container) {
$container->addVerticalSpacer('0.5rem'); $container->addVerticalSpacer('0.5rem');
// check Unix account of LAM admin // check Unix account of LAM admin
$credentials = $_SESSION['ldap']->decrypt_login(); $ldapUser = $_SESSION['ldap']->getUserName();
if (!$stopTest) { if (!$stopTest) {
$scriptUserName = $_SESSION['config']->getScriptUserName(); $scriptUserName = $_SESSION['config']->getScriptUserName();
if (empty($scriptUserName)) { if (empty($scriptUserName)) {
$container->add(new htmlOutputText(_("Unix account")), 10, 4); $container->add(new htmlOutputText(_("Unix account")), 10, 4);
$unixOk = false; $unixOk = false;
$sr = @ldap_read($_SESSION['ldap']->server(), $credentials[0], "objectClass=posixAccount", array('uid'), 0, 0, 0, LDAP_DEREF_NEVER); $sr = @ldap_read($_SESSION['ldap']->server(), $ldapUser, "objectClass=posixAccount", array('uid'), 0, 0, 0, LDAP_DEREF_NEVER);
if ($sr) { if ($sr) {
$entry = @ldap_get_entries($_SESSION['ldap']->server(), $sr); $entry = @ldap_get_entries($_SESSION['ldap']->server(), $sr);
$userName = $entry[0]['uid'][0]; $userName = $entry[0]['uid'][0];
@ -230,7 +230,7 @@ function lamRunTestSuite($serverName, $serverTitle, $testQuota, $container) {
} }
else { else {
$container->add(new htmlImage($failImage), 2); $container->add(new htmlImage($failImage), 2);
$container->add(new htmlOutputText(sprintf(_("Your LAM admin user (%s) must be a valid Unix account to work with lamdaemon!"), $credentials[0])), 12, 6); $container->add(new htmlOutputText(sprintf(_("Your LAM admin user (%s) must be a valid Unix account to work with lamdaemon!"), $ldapUser)), 12, 6);
$stopTest = true; $stopTest = true;
} }
$container->addVerticalSpacer('0.5rem'); $container->addVerticalSpacer('0.5rem');