added logging

This commit is contained in:
Roland Gruber 2006-04-23 16:33:25 +00:00
parent ef8365d787
commit 0fec1ae9c1
7 changed files with 214 additions and 42 deletions


@ -130,6 +130,10 @@ $helpArray = array (
"Text" => _("Every account type needs exactly one base module. This module provides a structural object class.")), "Text" => _("Every account type needs exactly one base module. This module provides a structural object class.")),
"238" => array ("ext" => "FALSE", "Headline" => _("Session timeout"), "238" => array ("ext" => "FALSE", "Headline" => _("Session timeout"),
"Text" => _("This is the time (in minutes) of inactivity after which a user is automatically logged off.")), "Text" => _("This is the time (in minutes) of inactivity after which a user is automatically logged off.")),
"239" => array ("ext" => "FALSE", "Headline" => _("Log level"),
"Text" => _("Please select your prefered log level. Messages with a lower level will not be logged.")),
"240" => array ("ext" => "FALSE", "Headline" => _("Log destination"),
"Text" => _("Here you can select where LAM should save its log messages. System logging will go to Syslog on Unix systems and event log on Windows. You can also select an extra file.")),
"250" => array ("ext" => "FALSE", "Headline" => _("Account lists - Filters"), "250" => array ("ext" => "FALSE", "Headline" => _("Account lists - Filters"),
"Text" => _("Here you can input small filter expressions (e.g. 'value' or 'v*'). LAM will filter case-insensitive.")), "Text" => _("Here you can input small filter expressions (e.g. 'value' or 'v*'). LAM will filter case-insensitive.")),
// 300 - 399 // 300 - 399
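Review bot: The new help text for entry 239 misspells "preferred" as "prefered"; because the string is a gettext msgid, correcting it later invalidates every translation made against the misspelt key, so it is cheapest to fix in this commit: `"Text" => _("Please select your preferred log level. Messages with a lower level will not be logged.")),`. The $helpArray definition starts before this hunk.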


@ -721,12 +721,24 @@ class CfgMain {
/** Time of inactivity before session times out (minutes) */ /** Time of inactivity before session times out (minutes) */
var $sessionTimeout; var $sessionTimeout;
/** log level */
var $logLevel;
/** log destination ("SYSLOG":syslog, "/...":file, "NONE":none) */
var $logDestination;
/** list of data fields to save in config file */
var $settings = array("password", "default", "sessionTimeout", "logLevel", "logDestination");
/** /**
* Loads preferences from config file * Loads preferences from config file
*/ */
function CfgMain() { function CfgMain() {
// set default values
$this->sessionTimeout = 30; $this->sessionTimeout = 30;
$this->logLevel = LOG_NOTICE;
$this->logDestination = "SYSLOG";
$this->reload(); $this->reload();
} }
@ -745,17 +757,13 @@ class CfgMain {
$line = trim($line); // remove spaces at the beginning and end $line = trim($line); // remove spaces at the beginning and end
if (($line == "")||($line[0] == "#")) continue; // ignore comments if (($line == "")||($line[0] == "#")) continue; // ignore comments
// search keywords // search keywords
if (substr($line, 0, 10) == "password: ") { for ($i = 0; $i < sizeof($this->settings); $i++) {
$this->password = substr($line, 10, strlen($line) - 10); $keyword = $this->settings[$i];
continue; $keylen = strlen($keyword);
} if (strtolower(substr($line, 0, $keylen + 2)) == strtolower($keyword . ": ")) {
if (substr($line, 0, 9) == "default: ") { $this->$keyword = substr($line, $keylen + 2, strlen($line) - $keylen - 2);
$this->default = substr($line, 9, strlen($line) - 9); break;
continue; }
}
if (substr($line, 0, 16) == "sessionTimeout: ") {
$this->sessionTimeout = intval(substr($line, 16, strlen($line) - 16));
continue;
} }
} }
fclose($file); fclose($file);
@ -779,30 +787,28 @@ class CfgMain {
} }
fclose($file); fclose($file);
// generate new configuration file // generate new configuration file
$saved = array();
for ($i = 0; $i < sizeof($file_array); $i++) { for ($i = 0; $i < sizeof($file_array); $i++) {
if (($file_array[$i] == "\n")||($file_array[$i][0] == "#")) continue; // ignore comments $line = trim($file_array[$i]);
// search for keywords if (($line == "")||($line[0] == "#")) continue; // ignore comments and empty lines
if (substr($file_array[$i], 0, 10) == "password: ") { // search keywords
$file_array[$i] = "password: " . $this->password . "\n"; for ($k = 0; $k < sizeof($this->settings); $k++) {
$save_password = True; $keyword = $this->settings[$k];
continue; $keylen = strlen($keyword);
} if (strtolower(substr($line, 0, $keylen + 1)) == strtolower($keyword . ":")) {
if (substr($file_array[$i], 0, 9) == "default: ") { $file_array[$i] = $keyword . ": " . $this->$keyword . "\n";
$file_array[$i] = "default: " . $this->default . "\n"; $saved[] = $keyword; // mark keyword as saved
$save_default = True; break;
continue; }
}
if (substr($file_array[$i], 0, 16) == "sessionTimeout: ") {
$file_array[$i] = "sessionTimeout: " . $this->sessionTimeout . "\n";
$save_sessionTimeout = True;
continue;
} }
} }
} }
// check if we have to add new entries (e.g. if user upgraded LAM and has an old config file) // check if we have to add new entries (e.g. if user upgraded LAM and has an old config file)
if (!$save_password == True) array_push($file_array, "\n\n# password to add/delete/rename configuration profiles\n" . "password: " . $this->password); if (!in_array("password", $saved)) array_push($file_array, "\n\n# password to add/delete/rename configuration profiles\n" . "password: " . $this->password);
if (!$save_default == True) array_push($file_array, "\n\n# default profile, without \".conf\"\n" . "default: " . $this->default); if (!in_array("default", $saved)) array_push($file_array, "\n\n# default profile, without \".conf\"\n" . "default: " . $this->default);
if (!$save_sessionTimeout == True) array_push($file_array, "\n\n# session timeout in minutes\n" . "sessionTimeout: " . $this->sessionTimeout); if (!in_array("sessionTimeout", $saved)) array_push($file_array, "\n\n# session timeout in minutes\n" . "sessionTimeout: " . $this->sessionTimeout);
if (!in_array("logLevel", $saved)) array_push($file_array, "\n\n# log level\n" . "logLevel: " . $this->logLevel);
if (!in_array("logDestination", $saved)) array_push($file_array, "\n\n# log destination\n" . "logDestination: " . $this->logDestination);
$file = @fopen($conffile, "w"); $file = @fopen($conffile, "w");
if ($file) { if ($file) {
for ($i = 0; $i < sizeof($file_array); $i++) fputs($file, $file_array[$i]); for ($i = 0; $i < sizeof($file_array); $i++) fputs($file, $file_array[$i]);
@ -813,7 +819,7 @@ class CfgMain {
exit; exit;
} }
} }
} }
?> ?>
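Review bot: The generic keyword loop in reload() drops the `intval()` that the replaced code applied to sessionTimeout, so sessionTimeout and the new logLevel are now loaded from the file as strings while the constructor defaults (`30`, `LOG_NOTICE`) are ints, and logNewMessage later compares logLevel numerically against LOG_* constants. Cast the numeric settings once at load time, e.g. `$value = substr($line, $keylen + 2, strlen($line) - $keylen - 2);` followed by `$this->$keyword = in_array($keyword, array('sessionTimeout', 'logLevel')) ? intval($value) : $value;`. The two search loops are also inconsistent: reload() matches `keyword: ` (with the trailing space, `$keylen + 2`) while save() matches `keyword:` only (`$keylen + 1`), so a line written without the space is rewritten on save but never read back. Both reload() and save() begin outside the visible hunks.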


@ -41,6 +41,8 @@ include_once("baseModule.inc");
include_once("ldap.inc"); include_once("ldap.inc");
/** lamdaemon functions */ /** lamdaemon functions */
include_once("lamdaemon.inc"); include_once("lamdaemon.inc");
/** security functions */
include_once("security.inc");
/** /**
* This includes all module files. * This includes all module files.


@ -30,6 +30,8 @@ $Id$
/** configuration options */ /** configuration options */
include_once('config.inc'); include_once('config.inc');
/** ldap connection */
include_once('ldap.inc');
/** /**
* Starts a session and checks the environment. * Starts a session and checks the environment.
@ -98,6 +100,9 @@ function getValidUserDNs($dn) {
* *
*/ */
function logoffAndBackToLoginPage() { function logoffAndBackToLoginPage() {
// log message
$ldapUser = $_SESSION['ldap']->decrypt_login();
logNewMessage(LOG_WARNING, 'Session of user ' . $ldapUser[0] . ' expired.');
// delete key and iv in cookie // delete key and iv in cookie
if (function_exists('mcrypt_create_iv')) { if (function_exists('mcrypt_create_iv')) {
setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/"); setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
@ -134,4 +139,42 @@ function logoffAndBackToLoginPage() {
die(); die();
} }
/**
* Puts a new message in the log file.
*
* @param string $level log level (LOG_NOTICE, LOG_WARNING, LOG_ERR)
* @param string $message log message
*/
function logNewMessage($level, $message) {
$possibleLevels = array(LOG_NOTICE => 'NOTICE', LOG_WARNING => 'WARNING', LOG_ERR => 'ERROR');
if (!in_array($level, array_keys($possibleLevels))) StatusMessage('ERROR', 'Invalid log level!', $level);
if (isset($_SESSION['cfgMain'])) $cfg = $_SESSION['cfgMain'];
else $cfg = new CfgMain();
// check if logging is disabled
if ($cfg->logDestination == 'NONE') return;
// check if log level is high enough
elseif ($cfg->logLevel < $level) return;
// ok to log, build log message
$prefix = "LDAP Account Manager - " . $possibleLevels[$level] . ": ";
$message = $prefix . $message;
// Syslog logging
if ($cfg->logDestination == 'SYSLOG') {
syslog($level, $message);
}
// log to file
else {
touch($cfg->logDestination);
if (is_writable($cfg->logDestination)) {
$file = fopen($cfg->logDestination, 'a');
if ($file) {
fwrite($file, $message . "\n");
fclose($file);
}
}
else {
StatusMessage('ERROR', 'Unable to write to log file!', $cfg->logDestination);
}
}
}
?> ?>
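Review bot: In logNewMessage an unknown `$level` only reports via StatusMessage and then falls through, so `$possibleLevels[$level]` is read with an undefined key and `syslog()` is called with the invalid level; the check needs to stop there: `if (!isset($possibleLevels[$level])) { StatusMessage('ERROR', 'Invalid log level!', $level); return; }`. The message is written to the file verbatim, and the callers added in this commit build it from request data (`$_POST['username']` in login.php), so a value containing CR/LF would split one event into several log lines; normalising before the write, `$message = str_replace(array("\r", "\n"), ' ', $message);`, keeps one event per line for anything that parses the log. The docblock declares `@param string $level` although the accepted values are the integer LOG_* constants, so `@param int $level` is the accurate type.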


@ -70,6 +70,13 @@ echo $_SESSION['header'];
// check if submit button was pressed // check if submit button was pressed
if ($_POST['submit']) { if ($_POST['submit']) {
// remove double slashes if magic quotes are on
if (get_magic_quotes_gpc() == 1) {
$postKeys = array_keys($_POST);
for ($i = 0; $i < sizeof($postKeys); $i++) {
if (is_string($_POST[$postKeys[$i]])) $_POST[$postKeys[$i]] = stripslashes($_POST[$postKeys[$i]]);
}
}
$errors = array(); $errors = array();
// set master password // set master password
if (isset($_POST['masterpassword']) && ($_POST['masterpassword'] != "")) { if (isset($_POST['masterpassword']) && ($_POST['masterpassword'] != "")) {
@ -82,6 +89,17 @@ if ($_POST['submit']) {
} }
// set session timeout // set session timeout
$cfg->sessionTimeout = $_POST['sessionTimeout']; $cfg->sessionTimeout = $_POST['sessionTimeout'];
// set log level
$cfg->logLevel = $_POST['logLevel'];
// set log destination
if ($_POST['logDestination'] == "none") $cfg->logDestination = "NONE";
elseif ($_POST['logDestination'] == "syslog") $cfg->logDestination = "SYSLOG";
else {
if (isset($_POST['logFile']) && ($_POST['logFile'] != "") && eregi("^[a-z0-9/\\\:\\._-]+$", $_POST['logFile'])) {
$cfg->logDestination = $_POST['logFile'];
}
else $errors[] = _("The log file is empty or contains invalid characters! Valid characters are: a-z, A-Z, 0-9, /, \\, ., :, _ and -.");
}
// save settings // save settings
$cfg->save(); $cfg->save();
// print messages // print messages
@ -136,6 +154,97 @@ if ($_POST['submit']) {
</table> </table>
</fieldset> </fieldset>
<BR> <BR>
<fieldset>
<legend><b> <?php echo _("Logging"); ?> </b></legend>
<p>
<table cellspacing="0" border="0">
<!-- log level -->
<tr>
<td>
<?php echo _("Log level"); ?>
<SELECT name="logLevel">
<?php
$options = array(_("Notice"), _("Warning"), _("Error"));
$levels = array(LOG_NOTICE, LOG_WARNING, LOG_ERR);
for ($i = 0; $i < sizeof($options); $i++) {
if ($cfg->logLevel == $levels[$i]) {
echo "<option selected value=\"" . $levels[$i] . "\">" . $options[$i] . "</option>";
}
else {
echo "<option value=\"" . $levels[$i] . "\">" . $options[$i] . "</option>";
}
}
?>
</SELECT>
</td>
<td>&nbsp;
<?PHP
// help link
echo "<a href=\"../help.php?HelpNumber=239\" target=\"lamhelp\">";
echo "<img src=\"../../graphics/help.png\" alt=\"" . _('Help') . "\" title=\"" . _('Help') . "\">";
echo "</a>\n";
?>
</td>
</tr>
<TR><TD colspan="2">&nbsp;</TD></TR>
<TR>
<TD>
<?PHP
echo _("Log destination") . ":";
?>
</TD>
<TD>&nbsp;
<?PHP
// help link
echo "<a href=\"../help.php?HelpNumber=240\" target=\"lamhelp\">";
echo "<img src=\"../../graphics/help.png\" alt=\"" . _('Help') . "\" title=\"" . _('Help') . "\">";
echo "</a>\n";
?>
</TD>
</TR>
<TR>
<TD colspan="2">
<?PHP
$noLogChecked = false;
if ($cfg->logDestination == "NONE") $noLogChecked = true;
echo "<input type=\"radio\" name=\"logDestination\" value=\"none\"";
if ($noLogChecked) echo " checked";
echo ">" . _("No logging") . "\n";
?>
</TD>
</TR>
<TR>
<TD colspan="2">
<?PHP
$syslogChecked = false;
if ($cfg->logDestination == "SYSLOG") {
$syslogChecked = true;
}
echo "<input type=\"radio\" name=\"logDestination\" value=\"syslog\"";
if ($syslogChecked) echo " checked";
echo ">" . _("System logging") . "\n";
?>
</TD>
</TR>
<TR>
<TD colspan="2">
<?PHP
$logFile = "";
$logFileChecked = false;
if (($cfg->logDestination != "NONE") && ($cfg->logDestination != "SYSLOG")) {
$logFile = $cfg->logDestination;
$logFileChecked = true;
}
echo "<input type=\"radio\" name=\"logDestination\" value=\"file\"";
if ($logFileChecked) echo " checked";
echo ">" . _("File") . "\n";
echo "<input type=\"text\" name=\"logFile\" value=\"" . $logFile . "\">\n";
?>
</TD>
</TR>
</table>
</fieldset>
<BR>
<fieldset> <fieldset>
<legend><b> <?php echo _("Change master password"); ?> </b></legend> <legend><b> <?php echo _("Change master password"); ?> </b></legend>
<p> <p>
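Review bot: `$cfg->logLevel = $_POST['logLevel'];` after `// set log level` stores the raw request value, while the log-destination branch right below validates its input and reports through `$errors`; logLevel should be checked the same way against the three values the form offers, e.g. `if (in_array($_POST['logLevel'], array(LOG_NOTICE, LOG_WARNING, LOG_ERR))) $cfg->logLevel = $_POST['logLevel']; else $errors[] = _("Invalid log level!");`, otherwise an arbitrary string ends up on the `logLevel:` line of the config file and in the numeric comparison in logNewMessage. In the form, `$logFile` (taken from `$cfg->logDestination`) is echoed into the `value` attribute without `htmlspecialchars()`; the save-side regex excludes quotes, but a config file edited by hand is not covered by that, so escaping at output is the safer habit. The surrounding `if ($_POST['submit'])` block starts before this hunk.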


@ -30,6 +30,8 @@ $Id$
/** status messages */ /** status messages */
include_once("../lib/status.inc"); include_once("../lib/status.inc");
/** security functions */
include_once("../lib/security.inc");
// check environment // check environment
$criticalErrors = array(); $criticalErrors = array();
@ -193,7 +195,7 @@ function display_LoginPage($config_object) {
<table width="580"> <table width="580">
<tr> <tr>
<td style="border-style:none" height="70" colspan="2" align="center"> <td style="border-style:none" height="70" colspan="2" align="center">
<font color="darkblue"><b><big><?php echo _("Please select your user name and enter your password to log in"); ?></big></b></font> <font color="darkblue"><b><big><?php echo _("Please select your user name and enter your password to log in."); ?></big></b></font>
</td> </td>
</tr> </tr>
<tr> <tr>
@ -289,7 +291,7 @@ function display_LoginPage($config_object) {
<tr> <tr>
<td style="border-style:none" height="30"><b> <td style="border-style:none" height="30"><b>
<?php <?php
echo _("Configuration profile") . ": "; echo _("Server profile") . ": ";
if(empty($_POST['profileChange'])) { if(empty($_POST['profileChange'])) {
$_POST['profile'] = $_SESSION['config']->file; $_POST['profile'] = $_SESSION['config']->file;
} }
@ -368,29 +370,31 @@ if(!empty($_POST['checklogin']))
$_SESSION['sec_session_id'] = session_id(); $_SESSION['sec_session_id'] = session_id();
$_SESSION['sec_client_ip'] = $_SERVER['REMOTE_ADDR']; $_SESSION['sec_client_ip'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['sec_sessionTime'] = time(); $_SESSION['sec_sessionTime'] = time();
// logging
logNewMessage(LOG_NOTICE, 'User ' . $_POST['username'] . ' successfully logged in.');
// Load main frame // Load main frame
include("./main.php"); include("./main.php");
} }
else else
{ {
if ($result === False) if ($result === False) {
{
$error_message = _("Cannot connect to specified LDAP server. Please try again."); $error_message = _("Cannot connect to specified LDAP server. Please try again.");
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
display_LoginPage($_SESSION['config']); // connection failed display_LoginPage($_SESSION['config']); // connection failed
} }
elseif ($result == 81) elseif ($result == 81) {
{
$error_message = _("Cannot connect to specified LDAP server. Please try again."); $error_message = _("Cannot connect to specified LDAP server. Please try again.");
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
display_LoginPage($_SESSION['config']); // connection failed display_LoginPage($_SESSION['config']); // connection failed
} }
elseif ($result == 49) elseif ($result == 49) {
{
$error_message = _("Wrong password/user name combination. Please try again."); $error_message = _("Wrong password/user name combination. Please try again.");
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' failed to log in (wrong password).');
display_LoginPage($_SESSION['config']); // Username/password invalid. Return to login page. display_LoginPage($_SESSION['config']); // Username/password invalid. Return to login page.
} }
else else {
{
$error_message = _("LDAP error, server says:") . "\n<br>($result) " . ldap_err2str($result); $error_message = _("LDAP error, server says:") . "\n<br>($result) " . ldap_err2str($result);
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
display_LoginPage($_SESSION['config']); // other errors display_LoginPage($_SESSION['config']); // other errors
} }
} }
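Review bot: In the `$result === False` branch the new log call passes `false` to `ldap_err2str()`, which is coerced to error code 0, so a connection failure is recorded as `LDAP error: Success`; log a fixed reason there instead, `logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' failed to log in (LDAP connection failed).');`, which also matches the user-facing message of that branch. The four failure branches each repeat an almost identical call; computing the reason once and logging after the chain would keep them in step. For detection purposes the login messages would be more useful with the client address appended, e.g. `' (IP: ' . $_SERVER['REMOTE_ADDR'] . ')'`, which this file already reads into `$_SESSION['sec_client_ip']` a few lines above; the user name is taken from `$_POST` unmodified, so it should be kept free of line breaks before it reaches the log. The enclosing `if(!empty($_POST['checklogin']))` block continues outside the hunk.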


@ -45,6 +45,10 @@ include_once("../lib/ldap.inc");
// start session // start session
startSecureSession(); startSecureSession();
// log message
$ldapUser = $_SESSION['ldap']->decrypt_login();
logNewMessage(LOG_NOTICE, 'User ' . $ldapUser[0] . ' logged off.');
// close LDAP connection // close LDAP connection
@$_SESSION["ldap"]->destroy(); @$_SESSION["ldap"]->destroy();
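Review bot: The added `$ldapUser = $_SESSION['ldap']->decrypt_login();` assumes the session already holds an `ldap` object; whether startSecureSession() guarantees that on this page is not visible here, and if logout.php can be reached from a session that never completed login the call is a fatal error on null, whereas the existing `destroy()` call below is already defensive with `@`. A guard keeps the logout path robust: `if (isset($_SESSION['ldap'])) { $ldapUser = $_SESSION['ldap']->decrypt_login(); logNewMessage(LOG_NOTICE, 'User ' . $ldapUser[0] . ' logged off.'); }`. The same unguarded pattern is added to logoffAndBackToLoginPage() in security.inc.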