diff --git a/lam/lib/account.inc b/lam/lib/account.inc index 9afbadfc..c2ee1658 100644 --- a/lam/lib/account.inc +++ b/lam/lib/account.inc @@ -1483,7 +1483,6 @@ function getCallingURL($baseUrl = '') { elseif (!empty($_SERVER['HTTP_REFERER'])) { $url = $_SERVER['HTTP_REFERER']; } - logNewMessage(LOG_DEBUG, 'Calling URL detected as ' . $url); return $url; } diff --git a/lam/lib/modules/asteriskExtension.inc b/lam/lib/modules/asteriskExtension.inc index a123ebe7..006e3286 100644 --- a/lam/lib/modules/asteriskExtension.inc +++ b/lam/lib/modules/asteriskExtension.inc @@ -663,8 +663,7 @@ class asteriskExtension extends baseModule { * @return String owner */ function getDefaultExtensionOwner(){ - $credentials = $_SESSION['ldap']->decrypt_login(); - return $credentials[0]; + return $_SESSION['ldap']->getUserName(); } /** diff --git a/lam/lib/modules/imapAccess.inc b/lam/lib/modules/imapAccess.inc index 75c5d7d5..d08c4d11 100644 --- a/lam/lib/modules/imapAccess.inc +++ b/lam/lib/modules/imapAccess.inc @@ -3,7 +3,7 @@ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2010 - 2011 Pavel Pozdniak - 2010 - 2018 Roland Gruber + 2010 - 2019 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -248,7 +248,6 @@ class imapAccess extends baseModule { $return->addElement(new htmlHelpLink('MailAddress'), true); $return->addElement(new htmlSpacer(null, '10px'), true); - $is_mailbox_exist = false; //default is false $list = imap_list($mbox, "{" . $imap_server_address . "}", $prefix . $this->getSep() . $this->user); if (is_array($list) && sizeof($list) == 1) { $this->renderQuotasForMailbox($return, $mbox, $prefix . $this->getSep() . $this->user); 
@@ -550,10 +549,9 @@ class imapAccess extends baseModule { */ public function check_configOptions($typeIds, &$options) { $errors = parent::check_configOptions($typeIds, $options); - if ($options['ImapAccess_ImapAdminPasswordSelect'][0] == 'config') { - if (empty($options['ImapAccess_ImapAdminPassword'][0])) { - $errors[] = $this->messages['config'][2]; - } + if (($options['ImapAccess_ImapAdminPasswordSelect'][0] == 'config') + && empty($options['ImapAccess_ImapAdminPassword'][0])) { + $errors[] = $this->messages['config'][2]; } return $errors; } @@ -582,8 +580,7 @@ class imapAccess extends baseModule { $attrNames = array_values(array_unique($attrNames)); $attrNames = array_change_key_case($attrNames, CASE_LOWER); // read LAM login user data - $data = $_SESSION['ldap']->decrypt_login(); - $dn = $data[0]; + $dn = $_SESSION['ldap']->getUserName(); $sr = @ldap_read($_SESSION['ldap']->server(), $dn, '(objectclass=*)', $attrNames, 0, 0, 0, LDAP_DEREF_NEVER); if ($sr) { $info = @ldap_get_entries($_SESSION['ldap']->server(), $sr); @@ -617,8 +614,7 @@ class imapAccess extends baseModule { $imap_admin_password = lamDecrypt($_SESSION['imapAdmPass']); } elseif (isset($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0]) && ($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0] == "lam_user_pass")) { - $credentials = $_SESSION['ldap']->decrypt_login(); - $imap_admin_password = $credentials[1]; + $imap_admin_password = $_SESSION['ldap']->getPassword(); } elseif (!empty($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0]) && ($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0] == "config") && !empty($this->moduleSettings['ImapAccess_ImapAdminPassword'][0])) { 
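Review bot: check_configOptions still reads `$options['ImapAccess_ImapAdminPasswordSelect'][0]` with no isset guard and a loose `==` in the merged condition, so a submitted form that lacks the select field raises an undefined-index notice before the comparison is evaluated. Guard the key inside the same condition: `if (isset($options['ImapAccess_ImapAdminPasswordSelect'][0]) && ($options['ImapAccess_ImapAdminPasswordSelect'][0] === 'config')`, keeping the `&& empty($options['ImapAccess_ImapAdminPassword'][0])` clause as written. The body of check_configOptions is fully visible in the hunk; parent::check_configOptions is not.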
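Review bot: The `lam_user_pass` branch now copies the cleartext LAM login password from `$_SESSION['ldap']->getPassword()` into `$imap_admin_password`, and nothing at this point states that the value must stay out of log and error output. A comment at the assignment would make that contract explicit for the rest of the function, e.g. `// cleartext LAM login password reused as IMAP admin credential - never pass it to logNewMessage() or user-facing messages`. The enclosing function starts and ends outside the hunk, so where the variable is consumed cannot be checked here.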
@@ -678,8 +674,7 @@ class imapAccess extends baseModule { else { $validate_opt = "validate-cert"; } - $imap_server_address = $imap_server_name . ":" . $imap_port_number . "/" . $imap_encryption_protocol . "/" . $validate_opt; - return $imap_server_address; + return $imap_server_name . ":" . $imap_port_number . "/" . $imap_encryption_protocol . "/" . $validate_opt; } /** diff --git a/lam/lib/modules/inetOrgPerson.inc b/lam/lib/modules/inetOrgPerson.inc index 3742a70c..d8fec8ee 100644 --- a/lam/lib/modules/inetOrgPerson.inc +++ b/lam/lib/modules/inetOrgPerson.inc @@ -6,7 +6,7 @@ use LAM\PDF\PDFImage; This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2003 - 2006 Tilo Lutz - 2005 - 2018 Roland Gruber + 2005 - 2019 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -928,19 +928,17 @@ class inetOrgPerson extends baseModule implements passwordService { $dn = 'ou=addressbook,' . $accountContainer->finalDN; $result = ldapGetDN($dn); if (empty($result)) { - $ldapUser = $_SESSION['ldap']->decrypt_login(); - $ldapUser = $ldapUser[0]; $attrs = array( 'objectClass' => array('organizationalUnit'), 'ou' => 'addressbook' ); $success = @ldap_add($_SESSION['ldap']->server(), $dn, $attrs); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add addressbook for user ' . $accountContainer->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to add addressbook for user ' . $accountContainer->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $messages[] = array('ERROR', sprintf(_("Was unable to create DN: %s."), htmlspecialchars($dn)), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added addressbook for user ' . $accountContainer->finalDN); + logNewMessage(LOG_NOTICE, 'Added addressbook for user ' . $accountContainer->finalDN); } } } diff --git a/lam/lib/modules/nisMailAliasUser.inc b/lam/lib/modules/nisMailAliasUser.inc index a4a01588..8b3e6cdd 100644 --- a/lam/lib/modules/nisMailAliasUser.inc +++ b/lam/lib/modules/nisMailAliasUser.inc @@ -1,10 +1,9 @@ colspan = 5; $mailTable->addElement($label, true); } - $found = false; for ($i = 0; $i < $count; $i++) { if (empty($aliases[$i]['rfc822mailmember'])) { continue; @@ -185,7 +183,6 @@ class nisMailAliasUser extends baseModule { if (in_array($mails[$m], $members) && (!isset($this->recipientsToDelete[$dn]) || !in_array($mails[$m], $this->recipientsToDelete[$dn])) && !in_array($dn, $this->aliasesToDelete)) { - $found = true; $mailTable->addSpace('5px'); $mailTable->addElement(new htmlOutputText($aliases[$i]['cn'][0])); $buttonGroup = new htmlGroup(); 
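Review bot: The three membership tests in the condition that survives this cleanup, `in_array($mails[$m], $members)`, `!in_array($mails[$m], $this->recipientsToDelete[$dn])` and `!in_array($dn, $this->aliasesToDelete)`, are non-strict, and loose string equality has numeric-string surprises that a mail address or DN comparison should not depend on; pass the strict flag, e.g. `in_array($mails[$m], $members, true)`, on all three. Dropping `$found = true;` is fine only if nothing after the loop reads `$found`; the enclosing function starts and ends outside the hunk, so that is worth confirming.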
@@ -334,7 +331,6 @@ class nisMailAliasUser extends baseModule { function display_html_add() { $return = new htmlTable(); $aliases = $this->getMailAliasList(); - $count = sizeof($aliases); $userName = $this->getUserName(); $mails = $this->getMailAddresses(); $recipient = null; @@ -411,7 +407,6 @@ class nisMailAliasUser extends baseModule { */ function process_add() { $errors = array(); - $mails = $this->getMailAddresses(); // create new alias entry if (isset($_POST['form_subpage_' . get_class($this) . '_attributes_create'])) { if (empty($_POST['new_cn']) || !get_preg($_POST['new_cn'], 'nis_alias')) { @@ -421,7 +416,7 @@ class nisMailAliasUser extends baseModule { // build new alias entry $newDN = 'cn=' . $_POST['new_cn'] . ',' . $_POST['new_ou']; $found = false; - foreach ($this->cachedAliasList as $key => $attrs) { + foreach ($this->cachedAliasList as $attrs) { if ($attrs['dn'] == $newDN) { $found = true; break; 
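Review bot: The DN built just above the changed loop, `$newDN = 'cn=' . $_POST['new_cn'] . ',' . $_POST['new_ou'];`, takes `new_ou` straight from the request, whereas the earlier part of process_add visible in the previous hunk validates only `new_cn` (`get_preg($_POST['new_cn'], 'nis_alias')`); if `new_ou` is not checked against the configured alias suffixes somewhere outside the hunk, the entry can be created under a base DN of the submitter's choosing. Worth confirming, and worth a comment at the assignment either way, e.g. `// TODO confirm: new_ou must be restricted to the configured alias suffixes`. Separately, the duplicate check `if ($attrs['dn'] == $newDN)` uses a loose `==`; `===` says what is meant, and since DNs are compared case-insensitively by LDAP a normalised comparison may be what the check actually needs. process_add continues outside the hunk.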
@@ -471,28 +466,26 @@ class nisMailAliasUser extends baseModule { */ public function postModifyActions($newAccount, $attributes) { $errors = array(); - $ldapUser = $_SESSION['ldap']->decrypt_login(); - $ldapUser = $ldapUser[0]; // delete complete aliases foreach ($this->aliasesToDelete as $dn) { $success = @ldap_delete($_SESSION['ldap']->server(), $dn); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to delete ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $errors[] = array('ERROR', sprintf(_('Was unable to delete DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Removed ' . $dn); + logNewMessage(LOG_NOTICE, 'Removed ' . $dn); } } // delete recipient entries foreach ($this->recipientsToDelete as $dn => $recipients) { $success = @ldap_mod_del($_SESSION['ldap']->server(), $dn, array('rfc822mailmember' => $recipients)); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to remove recipients ' . implode(', ', $recipients) . ' from ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to remove recipients ' . implode(', ', $recipients) . ' from ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $errors[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Removed recipients ' . implode(', ', $recipients) . ' from ' . $dn); + logNewMessage(LOG_NOTICE, 'Removed recipients ' . implode(', ', $recipients) . ' from ' . $dn); } } // create new aliases 
@@ -500,22 +493,22 @@ class nisMailAliasUser extends baseModule { unset($attrs['dn']); $success = @ldap_add($_SESSION['ldap']->server(), $dn, $attrs); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to create mail alias ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to create mail alias ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $errors[] = array('ERROR', sprintf(_('Was unable to create DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added mail alias with recipients ' . implode(', ', $attrs['rfc822mailmember']) . ' and DN ' . $dn); + logNewMessage(LOG_NOTICE, 'Added mail alias with recipients ' . implode(', ', $attrs['rfc822mailmember']) . ' and DN ' . $dn); } } // add recipients foreach ($this->recipientsToAdd as $dn => $recipients) { $success = @ldap_mod_add($_SESSION['ldap']->server(), $dn, array('rfc822mailmember' => $recipients)); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add recipients ' . implode(', ', $recipients) . ' to ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to add recipients ' . implode(', ', $recipients) . ' to ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $errors[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added recipients ' . implode(', ', $recipients) . ' to ' . $dn); + logNewMessage(LOG_NOTICE, 'Added recipients ' . implode(', ', $recipients) . ' to ' . $dn); } } return $errors; diff --git a/lam/lib/modules/nisNetGroupUser.inc b/lam/lib/modules/nisNetGroupUser.inc index 394e2e83..f386d193 100644 --- a/lam/lib/modules/nisNetGroupUser.inc +++ b/lam/lib/modules/nisNetGroupUser.inc 
@@ -6,7 +6,7 @@ use \LAM\TYPES\TypeManager; /* This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2015 - 2018 Roland Gruber + Copyright (C) 2015 - 2019 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -315,8 +315,6 @@ class nisNetGroupUser extends baseModule { if (empty($uid)) { return array(); } - $ldapUser = $_SESSION['ldap']->decrypt_login(); - $ldapUser = $ldapUser[0]; $messages = array(); // calculate differences $toRem = $this->groupsOrig; @@ -370,7 +368,7 @@ class nisNetGroupUser extends baseModule { ); $success = @ldap_mod_replace($_SESSION['ldap']->server(), $dn, $attributes); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to modify attributes of DN: ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to modify attributes of DN: ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } } @@ -397,8 +395,6 @@ class nisNetGroupUser extends baseModule { if (empty($uid)) { return array(); } - $ldapUser = $_SESSION['ldap']->decrypt_login(); - $ldapUser = $ldapUser[0]; $return = array(); // remove from NIS netgroups $changes = array(); 
@@ -419,7 +415,7 @@ class nisNetGroupUser extends baseModule { ); $success = @ldap_mod_replace($_SESSION['ldap']->server(), $dn, $attributes); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to modify attributes of DN: ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to modify attributes of DN: ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } } diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc index abf71319..2b4fba86 100644 --- a/lam/lib/modules/posixAccount.inc +++ b/lam/lib/modules/posixAccount.inc @@ -601,7 +601,6 @@ class posixAccount extends baseModule implements passwordService { *
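Review bot: The function that starts at the `-397` hunk initialises its result as `$return = array();`, yet the error branch in this hunk appends to `$messages[]`, so unless `$messages` is declared and returned somewhere between the two hunks the LDAP failure message is lost and an undefined-variable notice is raised; the sibling function at `-315`/`-370` uses `$messages` consistently, which suggests a copy-paste slip here. If the function does return `$return`, the line should read `$return[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server()));`. Both the function start and its end lie outside this hunk, so this is inferred from the two hunks rather than seen.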
"info" are values with informational value (e.g. to be used later by pre/postModify actions) */ function save_attributes() { - $typeId = $this->getAccountContainer()->get_type()->getId(); if (!$this->skipObjectClass() && (!in_array('posixAccount', $this->attributes['objectClass']) && !in_array('posixAccount', $this->orig['objectClass']))) { // skip saving if the extension was not added/modified return array(); @@ -656,7 +655,7 @@ class posixAccount extends baseModule implements passwordService { $add = array_delete($this->groups_orig, $this->groups); $remove = array_delete($this->groups, $this->groups_orig); $groupList = searchLDAPByAttribute('cn', '*', 'posixGroup', array('cn', 'dn'), array('group')); - $dn2cn = array(); + $cn2dn = array(); for ($i = 0; $i < sizeof($groupList); $i++) { $cn2dn[$groupList[$i]['cn'][0]] = $groupList[$i]['dn']; } @@ -815,8 +814,6 @@ class posixAccount extends baseModule implements passwordService { $gons = $this->findGroupOfNames(); $toAdd = array_values(array_diff($this->gonList, $this->gonList_orig)); $toRem = array_values(array_diff($this->gonList_orig, $this->gonList)); - $ldapUser = $_SESSION['ldap']->decrypt_login(); - $ldapUser = $ldapUser[0]; // update groups if DN changed if (isset($accountContainer->dn_orig) && ($accountContainer->dn_orig != $accountContainer->finalDN)) { // update owner/member/uniqueMember attributes 
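Review bot: Renaming the initialisation to `$cn2dn` closes the gap between the declared and the filled array; as a point of style the index loop that fills it, `for ($i = 0; $i < sizeof($groupList); $i++) { $cn2dn[$groupList[$i]['cn'][0]] = $groupList[$i]['dn']; }`, would read better as `foreach ($groupList as $group) { $cn2dn[$group['cn'][0]] = $group['dn']; }`, which also stops re-evaluating sizeof() on every iteration. The enclosing function starts and ends outside the hunk.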
@@ -837,7 +834,7 @@ class posixAccount extends baseModule implements passwordService { $success = @ldap_mod_replace($_SESSION['ldap']->server(), $ownerGroups[$i]['dn'], array($searchAttr => $newOwners)); if (!$success) { $ldapError = getDefaultLDAPErrorString($_SESSION['ldap']->server()); - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to modify attributes of DN: ' . $ownerGroups[$i]['dn'] . ' (' . $ldapError . ').'); + logNewMessage(LOG_ERR, 'Unable to modify attributes of DN: ' . $ownerGroups[$i]['dn'] . ' (' . $ldapError . ').'); $messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $ownerGroups[$i]['dn']), $ldapError); } } @@ -853,11 +850,11 @@ class posixAccount extends baseModule implements passwordService { } $success = @ldap_mod_add($_SESSION['ldap']->server(), $toAdd[$i], array($attrName => array($accountContainer->finalDN))); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add user ' . $accountContainer->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to add user ' . $accountContainer->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $messages[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $toAdd[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added user ' . $accountContainer->finalDN . ' to group: ' . $toAdd[$i]); + logNewMessage(LOG_NOTICE, 'Added user ' . $accountContainer->finalDN . ' to group: ' . $toAdd[$i]); } } } 
@@ -870,11 +867,11 @@ class posixAccount extends baseModule implements passwordService { } $success = @ldap_mod_del($_SESSION['ldap']->server(), $toRem[$i], array($attrName => array($accountContainer->dn_orig))); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete user ' . $accountContainer->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to delete user ' . $accountContainer->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $messages[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $toRem[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Removed user ' . $accountContainer->finalDN . ' from group: ' . $toRem[$i]); + logNewMessage(LOG_NOTICE, 'Removed user ' . $accountContainer->finalDN . ' from group: ' . $toRem[$i]); } } } @@ -3385,10 +3382,10 @@ class posixAccount extends baseModule implements passwordService { } return true; } - + /** * Returns if the module manages the password attribute. - * + * * @param string $typeId account type id * @return boolean manages password */ @@ -3557,6 +3554,7 @@ class posixAccount extends baseModule implements passwordService { $types = $typeManager->getConfiguredTypesForScopes(array('gon', 'group')); foreach ($types as $type) { $typeFilter = get_ldap_filter($type->getId()); + echo $type->getId() . $typeFilter; $results = searchLDAP($type->getSuffix(), $typeFilter, array('cn', 'dn', 'objectClass')); for ($i = 0; $i < sizeof($results); $i++) { if ((in_array_ignore_case('groupOfNames', $results[$i]['objectclass']) diff --git a/lam/lib/security.inc b/lam/lib/security.inc index 82736a4c..a51ba3c4 100644 --- a/lam/lib/security.inc +++ b/lam/lib/security.inc 
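Review bot: The added `echo $type->getId() . $typeFilter;` looks like a leftover debugging statement: it writes the type id and the raw LDAP filter into the page output of every request that reaches this loop, which corrupts the rendered HTML and discloses the configured search filter to anyone viewing the page. It should be removed; if the value is needed for diagnosis, route it through the existing logger instead, `logNewMessage(LOG_DEBUG, 'Searching ' . $type->getId() . ' with filter ' . $typeFilter);`. The enclosing function starts and ends outside the hunk.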
@@ -270,7 +270,7 @@ function logNewMessage($level, $message) { return; } // ok to log, build log message - $prefix = "LDAP Account Manager (" . session_id() . ' - ' . getClientIPForLogging() . ") - " . $possibleLevels[$level] . ": "; + $prefix = "LDAP Account Manager (" . session_id() . ' - ' . getClientIPForLogging() . ' - ' . getLamLdapUser() . ") - " . $possibleLevels[$level] . ": "; $message = $prefix . $message; // Syslog logging if ($cfg->logDestination == 'SYSLOG') { @@ -608,6 +608,21 @@ function getClientIPForLogging() { return $ip; } +/** + * Returns the login dn of the current user. + * + * @return string user DN + */ +function getLamLdapUser() { + if (isset($_SESSION['ldap'])) { + return $_SESSION['ldap']->getUserName(); + } + elseif (isset($_SESSION['selfService_clientDN'])) { + return lamDecrypt($_SESSION['selfService_clientDN'], 'SelfService'); + } + return ''; +} + /** * Adds a security token to the session to prevent CSRF attacks. *
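Review bot: The log prefix now embeds `getLamLdapUser()` between the client address and the level, and that value is the session's user DN, which presumably originates from the login form rather than from something the server generated; a DN containing CR or LF would let one entry masquerade as several in a file log. Normalise it before building the prefix, e.g. `$user = str_replace(array("\r", "\n"), ' ', getLamLdapUser());` and use `$user` in the concatenation. Also note that getLamLdapUser() in turn calls getUserName() or lamDecrypt(); if either of those ever calls logNewMessage() the result is unbounded recursion, which deserves a one-line comment at the call site. logNewMessage starts outside the hunk.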
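Review bot: getLamLdapUser() is new and its docblock says only `@return string user DN`; it also returns `''` when neither session key is present, and in the self-service branch it runs `lamDecrypt($_SESSION['selfService_clientDN'], 'SelfService')` on every call, which now means once per log line because logNewMessage() uses it. Extend the docblock to `@return string user DN, empty string if no LAM or self-service session is active` and add a note on the elseif branch such as `// decrypts on every call; cache the result if logging volume becomes an issue`. Whether the decrypt cost matters depends on lamDecrypt(), which is outside this hunk.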