support lamdaemon authentication with SSH key

Roland Gruber 2016-08-08 22:01:36 +02:00
parent 7a580d0296
commit b5e8794163
10 changed files with 235 additions and 326 deletions


@ -1,5 +1,6 @@
September 2016 September 2016
- Windows: allow to show effective members of a group - Windows: allow to show effective members of a group
- Lamdaemon: support SSH key authentication
- LAM Pro: - LAM Pro:
-> Group of names/members + roles: allow to show effective members of a group -> Group of names/members + roles: allow to show effective members of a group
-> Cron jobs: -> Cron jobs:


@ -211,6 +211,12 @@ $helpArray = array (
"Text" => _('Default method to output a random password.')), "Text" => _('Default method to output a random password.')),
'283' => array ("Headline" => _('Force password change by default'), '283' => array ("Headline" => _('Force password change by default'),
"Text" => _('Enforce password change on next login by default.')), "Text" => _('Enforce password change on next login by default.')),
'284' => array ("Headline" => _('User name'),
"Text" => _('User name for SSH connection to lamdaemon server. If empty the user name of the person who is logged into LAM will be used.')),
'285' => array ("Headline" => _('SSH key file'),
"Text" => _('Path to SSH key file to connect to lamdaemon server. If empty then password authentication with the person\'s password who is logged into LAM will be used.')),
'286' => array ("Headline" => _('SSH key password'),
"Text" => _('Password to unlock SSH key file.')),
// 300 - 399 // 300 - 399
// profile editor, file upload // profile editor, file upload
"301" => array ("Headline" => _("RDN identifier"), "301" => array ("Headline" => _("RDN identifier"),


@ -475,6 +475,21 @@ class LAMConfig {
*/ */
private $scriptServer; private $scriptServer;
/**
* user name for lamdaemon
*/
private $scriptUserName;
/**
* File name of SSH key for lamdaemon.
*/
private $scriptSSHKey;
/**
* Password for lamdaemon SSH key.
*/
private $scriptSSHKeyPassword;
/** LDAP cache timeout */ /** LDAP cache timeout */
private $cachetimeout; private $cachetimeout;
@ -560,7 +575,8 @@ class LAMConfig {
'lamProMailText', 'lamProMailIsHTML', 'lamProMailAllowAlternateAddress', 'httpAuthentication', 'loginSearchDN', 'lamProMailText', 'lamProMailIsHTML', 'lamProMailAllowAlternateAddress', 'httpAuthentication', 'loginSearchDN',
'loginSearchPassword', 'timeZone', 'jobsBindUser', 'jobsBindPassword', 'jobsDatabase', 'jobToken', 'jobs', 'loginSearchPassword', 'timeZone', 'jobsBindUser', 'jobsBindPassword', 'jobsDatabase', 'jobToken', 'jobs',
'jobsDBHost', 'jobsDBPort', 'jobsDBUser', 'jobsDBPassword', 'jobsDBName', 'pwdResetAllowSpecificPassword', 'jobsDBHost', 'jobsDBPort', 'jobsDBUser', 'jobsDBPassword', 'jobsDBName', 'pwdResetAllowSpecificPassword',
'pwdResetAllowScreenPassword', 'pwdResetForcePasswordChange', 'pwdResetDefaultPasswordOutput' 'pwdResetAllowScreenPassword', 'pwdResetForcePasswordChange', 'pwdResetDefaultPasswordOutput',
'scriptUserName', 'scriptSSHKey', 'scriptSSHKeyPassword'
); );
@ -753,6 +769,9 @@ class LAMConfig {
if (!in_array("scriptPath", $saved)) array_push($file_array, "\n\n# Path to external Script\n" . "scriptPath: " . $this->scriptPath . "\n"); if (!in_array("scriptPath", $saved)) array_push($file_array, "\n\n# Path to external Script\n" . "scriptPath: " . $this->scriptPath . "\n");
if (!in_array("scriptServer", $saved)) array_push($file_array, "\n\n# Servers of external script\n" . "scriptServer: " . $this->scriptServer . "\n"); if (!in_array("scriptServer", $saved)) array_push($file_array, "\n\n# Servers of external script\n" . "scriptServer: " . $this->scriptServer . "\n");
if (!in_array("scriptRights", $saved)) array_push($file_array, "\n\n# Access rights for home directories\n" . "scriptRights: " . $this->scriptRights . "\n"); if (!in_array("scriptRights", $saved)) array_push($file_array, "\n\n# Access rights for home directories\n" . "scriptRights: " . $this->scriptRights . "\n");
if (!in_array("scriptUserName", $saved)) array_push($file_array, "\n" . "scriptUserName: " . $this->scriptUserName . "\n");
if (!in_array("scriptSSHKey", $saved)) array_push($file_array, "\n" . "scriptSSHKey: " . $this->scriptSSHKey . "\n");
if (!in_array("scriptSSHKeyPassword", $saved)) array_push($file_array, "\n" . "scriptSSHKeyPassword: " . $this->scriptSSHKeyPassword . "\n");
if (!in_array("cachetimeout", $saved)) array_push($file_array, "\n\n# Number of minutes LAM caches LDAP searches.\n" . "cacheTimeout: " . $this->cachetimeout . "\n"); if (!in_array("cachetimeout", $saved)) array_push($file_array, "\n\n# Number of minutes LAM caches LDAP searches.\n" . "cacheTimeout: " . $this->cachetimeout . "\n");
if (!in_array("searchLimit", $saved)) array_push($file_array, "\n\n# LDAP search limit.\n" . "searchLimit: " . $this->searchLimit . "\n"); if (!in_array("searchLimit", $saved)) array_push($file_array, "\n\n# LDAP search limit.\n" . "searchLimit: " . $this->searchLimit . "\n");
if (!in_array("activeTypes", $saved)) array_push($file_array, "\n\n# List of active account types.\n" . "activeTypes: " . $this->activeTypes . "\n"); if (!in_array("activeTypes", $saved)) array_push($file_array, "\n\n# List of active account types.\n" . "activeTypes: " . $this->activeTypes . "\n");
@ -1271,6 +1290,60 @@ class LAMConfig {
} }
} }
/**
* Returns the path to lamdamon SSH key.
*
* @return string key path
*/
public function getScriptSSHKey() {
return $this->scriptSSHKey;
}
/**
* Sets the path to lamdamon SSH key.
*
* @param string $value key path
*/
public function setScriptSSHKey($value) {
$this->scriptSSHKey = $value;
}
/**
* Returns the password for the lamdamon SSH key.
*
* @return string password
*/
public function getScriptSSHKeyPassword() {
return $this->scriptSSHKeyPassword;
}
/**
* Sets the password for the lamdamon SSH key.
*
* @param string $value password
*/
public function setScriptSSHKeyPassword($value) {
$this->scriptSSHKeyPassword = $value;
}
/**
* Returns the lamdaemon user name.
*
* @return string user name
*/
public function getScriptUserName() {
return $this->scriptUserName;
}
/**
* Sets the lamdaemon user name.
*
* @param string $value user name
*/
public function setScriptUserName($value) {
$this->scriptUserName = $value;
}
/** /**
* Returns the LDAP cache timeout in minutes * Returns the LDAP cache timeout in minutes
* *
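Review bot: The key passphrase is written to the profile file in clear text by the added `"scriptSSHKeyPassword: " . $this->scriptSSHKeyPassword` line in the save routine, next to the path of the key it unlocks, so read access to that file plus the key file yields the full credential; this deserves at least a comment on the property and a note about file permissions. The three new setters store `$value` unchecked, and a value containing a line break would presumably become extra lines in this line-based file, so rejecting such input (for example `if (preg_match('/[\r\n]/', $value)) return false;`) would be a cheap guard. The new save lines also omit the `# ...` comment that the neighbouring settings write, and the docblocks spell the daemon "lamdamon". The class body continues outside these hunks.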

View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2004 - 2011 Roland Gruber Copyright (C) 2004 - 2016 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -46,40 +46,83 @@ function lamdaemon($command, $server) {
// add phpseclib to include path // add phpseclib to include path
set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . '/3rdParty/phpseclib'); set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . '/3rdParty/phpseclib');
include_once('Net/SSH2.php'); include_once('Net/SSH2.php');
// get username and password of the current lam-admin try {
$credentials = $_SESSION['ldap']->decrypt_login(); $handle = lamConnectSSH($server);
}
catch (Exception $e) {
return array("ERROR," . $e->getMessage() . "," . $server);
}
$output = $handle->exec("sudo " . $_SESSION['config']->get_scriptPath() . ' ' . escapeshellarg($command));
return array($output);
}
/**
* Connects to the given SSH server.
*
* @param String $server server name (e.g. localhost or localhost,1234)
* @return object handle
*/
function lamConnectSSH($server) {
// add phpseclib to include path
set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . '/3rdParty/phpseclib');
include_once('Net/SSH2.php');
include_once('Crypt/RSA.php');
$serverNameParts = explode(",", $server); $serverNameParts = explode(",", $server);
$handle = false;
if (sizeof($serverNameParts) > 1) { if (sizeof($serverNameParts) > 1) {
$handle = new Net_SSH2($serverNameParts[0], $serverNameParts[1]); $handle = @new Net_SSH2($serverNameParts[0], $serverNameParts[1]);
} }
else { else {
$handle = new Net_SSH2($server); $handle = @new Net_SSH2($server);
} }
if ($handle) { if (!$handle) {
throw new Exception(_("Unable to connect to remote server!"));
}
lamLoginSSH($handle);
return $handle;
}
/**
* Performs a login to the provided SSH handle.
*
* @param handle $handle SSH handle
* @throws Exception login failed
*/
function lamLoginSSH($handle) {
$username = $_SESSION['config']->getScriptUserName();
$credentials = $_SESSION['ldap']->decrypt_login();
if (empty($username)) {
// get user name from current LAM user
$sr = @ldap_read($_SESSION['ldap']->server(), $credentials[0], "objectClass=posixAccount", array('uid'), 0, 0, 0, LDAP_DEREF_NEVER); $sr = @ldap_read($_SESSION['ldap']->server(), $credentials[0], "objectClass=posixAccount", array('uid'), 0, 0, 0, LDAP_DEREF_NEVER);
if (!$sr) { if ($sr) {
$return = array("ERROR," . _("Your LAM admin user must be a valid Unix account to work with lamdaemon!") . ","); $entry = @ldap_get_entries($_SESSION['ldap']->server(), $sr);
return $return; $username = $entry[0]['uid'][0];
} }
$entry = @ldap_get_entries($_SESSION['ldap']->server(), $sr); if (empty($username)) {
if (!isset($entry[0]['uid'][0])) { throw new Exception(sprintf(_("Your LAM admin user (%s) must be a valid Unix account to work with lamdaemon!"), $credentials[0]));
$return = array("ERROR," . _("Your LAM admin user must be a valid Unix account to work with lamdaemon!") . ",");
return $return;
}
$userName = $entry[0]['uid'][0];
if ($handle->login($userName, $credentials[1])) {
$output = $handle->exec("sudo " . $_SESSION['config']->get_scriptPath() . ' ' . escapeshellarg($command));
$return = array($output);
return $return;
}
else {
$return = array("ERROR," . _('Unable to connect to remote server!') . "," . $server);
return $return;
} }
} }
else { $password = $credentials[1];
$return = array("ERROR," . _('Unable to connect to remote server!') . "," . $server); if (!empty($_SESSION['config']->getScriptSSHKey())) {
return $return; // use key authentication
$keyPath = $_SESSION['config']->getScriptSSHKey();
if (!file_exists($keyPath) || !is_readable($keyPath)) {
throw new Exception(sprintf(_("Unable to read %s."), htmlspecialchars($keyPath)));
}
$key = file_get_contents($keyPath);
$rsa = new Crypt_RSA();
$keyPassword = $_SESSION['config']->getScriptSSHKeyPassword();
if (!empty($keyPassword)) {
$rsa->setPassword($keyPassword);
}
if (!$rsa->loadKey($key)) {
throw new Exception(sprintf(_("Unable to load key %s."), htmlspecialchars($keyPath)));
}
$password = $rsa;
}
$login = @$handle->login($username, $password);
if (!$login) {
throw new Exception(_("Unable to login to remote server!"));
} }
} }
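Review bot: lamLoginSSH() calls `$handle->login($username, $password)` without checking the server's host key, so in the password fallback the LAM admin's LDAP password is sent to whichever host answers on the configured name and port. phpseclib offers `getServerPublicHostKey()`; comparing its result with a value stored per lamdaemon server before the login call would close this gap. Separately, `if (!$handle)` in lamConnectSSH() can never be true because `new Net_SSH2(...)` always yields an object, so an unreachable server is reported as "Unable to login to remote server!" instead of the connect error. `empty($_SESSION['config']->getScriptSSHKey())` also requires PHP 5.5 or later; assigning the path to `$keyPath` first, as is already done for `$keyPassword`, avoids that.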


@ -340,6 +340,13 @@ $container->addElement(new htmlSpacer(null, '10px'), true);
$lamdaemonSettingsContent = new htmlTable(); $lamdaemonSettingsContent = new htmlTable();
$lamdaemonSettingsContent->addElement(new htmlTableExtendedInputField(_("Server list"), 'scriptservers', $conf->get_scriptServers(), '218'), true); $lamdaemonSettingsContent->addElement(new htmlTableExtendedInputField(_("Server list"), 'scriptservers', $conf->get_scriptServers(), '218'), true);
$lamdaemonSettingsContent->addElement(new htmlTableExtendedInputField(_("Path to external script"), 'scriptpath', $conf->get_scriptPath(), '210'), true); $lamdaemonSettingsContent->addElement(new htmlTableExtendedInputField(_("Path to external script"), 'scriptpath', $conf->get_scriptPath(), '210'), true);
$lamdaemonSettingsContent->addElement(new htmlTableExtendedInputField(_('User name'), 'scriptuser', $conf->getScriptUserName(), '284'), true);
$lamdaemonSettingsContent->addElement(new htmlTableExtendedInputField(_('SSH key file'), 'scriptkey', $conf->getScriptSSHKey(), '285'), true);
$sshKeyPassword = new htmlTableExtendedInputField(_('SSH key password'), 'scriptkeypassword', $conf->getScriptSSHKeyPassword(), '286');
$sshKeyPassword->setIsPassword(true);
$lamdaemonSettingsContent->addElement($sshKeyPassword, true);
$lamdaemonSettingsContent->addElement(new htmlSpacer(null, '5px'), true); $lamdaemonSettingsContent->addElement(new htmlSpacer(null, '5px'), true);
$lamdaemonSettingsContent->addElement(new htmlOutputText(_("Rights for the home directory"))); $lamdaemonSettingsContent->addElement(new htmlOutputText(_("Rights for the home directory")));
$chmod = $conf->get_scriptRights(); $chmod = $conf->get_scriptRights();
@ -688,6 +695,9 @@ function checkInput() {
if (!$conf->set_scriptrights($chmod)) { if (!$conf->set_scriptrights($chmod)) {
$errors[] = array("ERROR", _("Script rights are invalid!")); $errors[] = array("ERROR", _("Script rights are invalid!"));
} }
$conf->setScriptUserName($_POST['scriptuser']);
$conf->setScriptSSHKey($_POST['scriptkey']);
$conf->setScriptSSHKeyPassword($_POST['scriptkeypassword']);
// tool settings // tool settings
$tools = getTools(); $tools = getTools();
$toolSettings = array(); $toolSettings = array();
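Review bot: checkInput() passes `$_POST['scriptuser']`, `$_POST['scriptkey']` and `$_POST['scriptkeypassword']` straight to the setters with no isset check and no validation, although the line just above reports an error when `set_scriptrights()` rejects its value. The key path is later read with `file_get_contents()` in lamLoginSSH(), so restricting it to an absolute path without control characters and adding an `$errors[]` entry otherwise would match the surrounding checks. The password field is built with `$conf->getScriptSSHKeyPassword()` as its value, which appears to send the stored passphrase back in the page source on every visit; leaving the field empty and only overwriting the setting on non-empty input would avoid that. checkInput() starts and ends outside the hunk.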


@ -3,18 +3,18 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2006 - 2015 Roland Gruber Copyright (C) 2006 - 2016 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or the Free Software Foundation; either version 2 of the License, or
(at your option) any later version. (at your option) any later version.
This program is distributed in the hope that it will be useful, This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
@ -83,12 +83,12 @@ else if ((sizeof($servers) > 0) && isset($servers[0]) && ($servers[0] != '')) {
$serverSelect = new htmlSelect('server', $serverOptions); $serverSelect = new htmlSelect('server', $serverOptions);
$serverSelect->setHasDescriptiveElements(true); $serverSelect->setHasDescriptiveElements(true);
$container->addElement($serverSelect, true); $container->addElement($serverSelect, true);
$container->addElement(new htmlOutputText(_("Check quotas"))); $container->addElement(new htmlOutputText(_("Check quotas")));
$container->addElement(new htmlInputCheckbox('checkQuotas', false), true); $container->addElement(new htmlInputCheckbox('checkQuotas', false), true);
$container->addElement(new htmlSpacer(null, '10px'), true); $container->addElement(new htmlSpacer(null, '10px'), true);
$okButton = new htmlButton('runTest', _("Ok")); $okButton = new htmlButton('runTest', _("Ok"));
$okButton->colspan = 2; $okButton->colspan = 2;
$container->addElement($okButton); $container->addElement($okButton);
@ -174,7 +174,7 @@ function lamRunLamdaemonTestSuite($serverName, $serverTitle, $testQuota, $contai
$LAMDAEMON_PROTOCOL_VERSION = '5'; $LAMDAEMON_PROTOCOL_VERSION = '5';
$okImage = "../../graphics/pass.png"; $okImage = "../../graphics/pass.png";
$failImage = "../../graphics/fail.png"; $failImage = "../../graphics/fail.png";
flush(); flush();
$stopTest = false; $stopTest = false;
$spacer = new htmlSpacer('10px', null); $spacer = new htmlSpacer('10px', null);
@ -210,29 +210,34 @@ function lamRunLamdaemonTestSuite($serverName, $serverTitle, $testQuota, $contai
flush(); flush();
// check Unix account of LAM admin // check Unix account of LAM admin
$credentials = $_SESSION['ldap']->decrypt_login();
if (!$stopTest) { if (!$stopTest) {
$container->addElement(new htmlOutputText(_("Unix account"))); if (empty($_SESSION['config']->getScriptUserName())) {
$container->addElement($spacer); $container->addElement(new htmlOutputText(_("Unix account")));
$credentials = $_SESSION['ldap']->decrypt_login(); $container->addElement($spacer);
$unixOk = false; $unixOk = false;
$sr = @ldap_read($_SESSION['ldap']->server(), $credentials[0], "objectClass=posixAccount", array('uid'), 0, 0, 0, LDAP_DEREF_NEVER); $sr = @ldap_read($_SESSION['ldap']->server(), $credentials[0], "objectClass=posixAccount", array('uid'), 0, 0, 0, LDAP_DEREF_NEVER);
if ($sr) { if ($sr) {
$entry = @ldap_get_entries($_SESSION['ldap']->server(), $sr); $entry = @ldap_get_entries($_SESSION['ldap']->server(), $sr);
$userName = $entry[0]['uid'][0]; $userName = $entry[0]['uid'][0];
if ($userName) { if ($userName) {
$unixOk = true; $unixOk = true;
}
}
if ($unixOk) {
$container->addElement(new htmlImage($okImage));
$container->addElement($spacer);
$container->addElement(new htmlOutputText(sprintf(_("Using %s to connect to remote server."), $userName)), true);
}
else {
$container->addElement(new htmlImage($failImage));
$container->addElement($spacer);
$container->addElement(new htmlOutputText(sprintf(_("Your LAM admin user (%s) must be a valid Unix account to work with lamdaemon!"), $credentials[0])), true);
$stopTest = true;
} }
} }
if ($unixOk) {
$container->addElement(new htmlImage($okImage));
$container->addElement($spacer);
$container->addElement(new htmlOutputText(sprintf(_("Using %s to connect to remote server."), $userName)), true);
}
else { else {
$container->addElement(new htmlImage($failImage)); $userName = $_SESSION['config']->getScriptUserName();
$container->addElement($spacer);
$container->addElement(new htmlOutputText(sprintf(_("Your LAM admin user (%s) must be a valid Unix account to work with lamdaemon!"), $credentials[0])), true);
$stopTest = true;
} }
} }
@ -244,45 +249,37 @@ function lamRunLamdaemonTestSuite($serverName, $serverTitle, $testQuota, $contai
$container->addElement($spacer); $container->addElement($spacer);
flush(); flush();
$sshOk = false; $sshOk = false;
$handle = lamTestConnectSSH($serverName); try {
if ($handle) { $handle = lamConnectSSH($serverName);
if ($handle->login($userName, $credentials[1])) {
$sshOk = true;
}
}
if ($sshOk) {
$container->addElement(new htmlImage($okImage)); $container->addElement(new htmlImage($okImage));
$container->addElement($spacer); $container->addElement($spacer);
$container->addElement(new htmlOutputText(_("SSH connection could be established.")), true); $container->addElement(new htmlOutputText(_("SSH connection established.")), true);
} }
else { catch (Exception $e) {
$container->addElement(new htmlImage($failImage)); $container->addElement(new htmlImage($failImage));
$container->addElement($spacer); $container->addElement($spacer);
$container->addElement(new htmlOutputText(_("Unable to connect to remote server!")), true); $container->addElement(new htmlOutputText($e->getMessage()), true);
$stopTest = true; $stopTest = true;
} }
} }
flush(); flush();
if (!$stopTest) { if (!$stopTest) {
$stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "basic", $stopTest, $handle, _("Execute lamdaemon"), $container); $stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "basic", $stopTest, $handle, _("Execute lamdaemon"), $container);
} }
if (!$stopTest) { if (!$stopTest) {
$stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "version" . $SPLIT_DELIMITER . $LAMDAEMON_PROTOCOL_VERSION, $stopTest, $handle, _("Lamdaemon version"), $container); $stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "version" . $SPLIT_DELIMITER . $LAMDAEMON_PROTOCOL_VERSION, $stopTest, $handle, _("Lamdaemon version"), $container);
} }
if (!$stopTest) { if (!$stopTest) {
$handle = lamTestConnectSSH($serverName); $handle = lamConnectSSH($serverName);
@$handle->login($userName, $credentials[1]);
$stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "nss" . $SPLIT_DELIMITER . "$userName", $stopTest, $handle, _("Lamdaemon: check NSS LDAP"), $container); $stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "nss" . $SPLIT_DELIMITER . "$userName", $stopTest, $handle, _("Lamdaemon: check NSS LDAP"), $container);
if (!$stopTest && $testQuota) { if (!$stopTest && $testQuota) {
$handle = lamTestConnectSSH($serverName); $handle = lamConnectSSH($serverName);
@$handle->login($userName, $credentials[1]);
$stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "quota", $stopTest, $handle, _("Lamdaemon: Quota module installed"), $container); $stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "quota", $stopTest, $handle, _("Lamdaemon: Quota module installed"), $container);
$handle = lamTestConnectSSH($serverName); $handle = lamConnectSSH($serverName);
@$handle->login($userName, $credentials[1]);
$stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "quota" . $SPLIT_DELIMITER . "get" . $SPLIT_DELIMITER . "user", $stopTest, $handle, _("Lamdaemon: read quotas"), $container); $stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "quota" . $SPLIT_DELIMITER . "get" . $SPLIT_DELIMITER . "user", $stopTest, $handle, _("Lamdaemon: read quotas"), $container);
} }
} }
@ -293,23 +290,4 @@ function lamRunLamdaemonTestSuite($serverName, $serverTitle, $testQuota, $contai
$container->addElement($endMessage); $container->addElement($endMessage);
} }
/**
* Connects to the given SSH server.
*
* @param String $server server name (e.g. localhost or localhost,1234)
* @return object handle
*/
function lamTestConnectSSH($server) {
// add phpseclib to include path
set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . '/../../lib/3rdParty/phpseclib');
include_once('Net/SSH2.php');
$serverNameParts = explode(",", $server);
if (sizeof($serverNameParts) > 1) {
return @new Net_SSH2($serverNameParts[0], $serverNameParts[1]);
}
else {
return @new Net_SSH2($server);
}
}
?> ?>
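Review bot: The three later `lamConnectSSH($serverName)` calls (before the NSS, quota module and read-quota checks) sit outside any try/catch, although lamConnectSSH() now throws when the login fails; only the first call is wrapped. If one of these reconnects fails, the exception would presumably escape lamRunLamdaemonTestSuite() instead of producing a failed row, so they should be wrapped like the first call and set `$stopTest = true;` in the catch. The caught message is handed to `htmlOutputText` after lamLoginSSH() has already run the key path through `htmlspecialchars()`; if `htmlOutputText` escapes its text, the path is escaped twice. The function starts outside these hunks.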


@ -1,68 +0,0 @@
<?php
/*
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2013 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* This test reads all preferences from config.cfg. Then it writes new values and verifies
* if they were written. At last the old values are restored.
*
* @author Roland Gruber
* @package tests
*/
/** configuration interface */
include ("../lib/config.inc");
$conf = new LAMCfgMain();
echo "<html><head><title></title><link rel=\"stylesheet\" type=\"text/css\" href=\"../style/500_layout.css\"></head><body>";
echo ("<b> Current Values</b><br><br>");
echo "<b>Default: </b>" . $conf->default . "<br>\n";
echo ("<br><br><big><b> Starting Test...</b></big><br><br>");
// now all prferences are loaded
echo ("Loading preferences...");
$password = 'lam';
$default = $conf->default;
echo ("done<br>");
// next we modify them and save config.cfg
echo ("Changing preferences...");
$conf->setPassword("123456");
$conf->default = "lam";
$conf->save();
echo ("done<br>");
// at last all preferences are read from config.cfg and compared
echo ("Loading and comparing...");
$conf = new LAMCfgMain();
if (!$conf->checkPassword("123456")) echo ("<br><font color=\"#FF0000\">Saving password failed!</font><br>");
if ($conf->default != "lam") echo ("<br><font color=\"#FF0000\">Saving Default failed!</font><br>");
echo ("done<br>");
// restore old values
echo ("Restoring old preferences...");
$conf->setPassword($password);
$conf->default = $default;
$conf->save();
echo ("done<br>");
// finished
echo ("<br><b><font color=\"#00C000\">Test is complete.</font></b>");
echo ("<br><br><b> Current Config</b><br><br>");
echo "<b>Default: </b>" . $conf->default . "<br>\n";
?>


@ -1,120 +0,0 @@
<?php
/*
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2013 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* This test reads all preferences from lam.conf. Then it writes new values and verifies
* if they were written. At last the old values are restored.
*
* @author Roland Gruber
* @package tests
*/
/** access to configuration functions */
include ("../lib/config.inc");
$conf = new LAMConfig('test');
echo "<html><head><title></title><link rel=\"stylesheet\" type=\"text/css\" href=\"../style/500_layout.css\"></head><body>";
echo ("<br><br><big><b> Starting Test...</b></big><br><br>");
// now all preferences are loaded
echo ("Loading preferences...");
$ServerURL = $conf->get_ServerURL();
$cachetimeout = $conf->get_cacheTimeout();
$Adminstring = $conf->get_Adminstring();
$Suff_users = $conf->get_Suffix('user');
$Suff_groups = $conf->get_Suffix('group');
$Suff_hosts = $conf->get_Suffix('host');
$Suff_domains = $conf->get_Suffix('smbDomain');
$userlistAttributes = $conf->get_listAttributes('user');
$grouplistAttributes = $conf->get_listAttributes('group');
$hostlistAttributes = $conf->get_listAttributes('host');
$defaultlanguage = $conf->get_defaultlanguage();
$scriptpath = $conf->get_scriptPath();
$scriptServer = $conf->get_scriptServers();
$scriptRights = $conf->get_scriptRights();
$moduleSettings = $conf->get_moduleSettings();
echo ("done<br>");
// next we modify them and save lam.conf
echo ("Changing preferences...");
$conf->set_ServerURL("ldap://123.345.678.123:777");
$conf->set_cacheTimeout("33");
$conf->set_Passwd("123456abcde");
$conf->set_Adminstring("uid=test,o=test,dc=org;uid=root,o=test2,c=de");
$conf->set_Suffix('user', "ou=test,o=test,c=de");
$conf->set_Suffix('group', "ou=testgrp,o=test,c=de");
$conf->set_Suffix('host', "ou=testhst,o=test,c=de");
$conf->set_Suffix('smbDomain', "ou=testdom,o=test,c=de");
$conf->set_listAttributes("#uid;#cn", 'user');
$conf->set_listAttributes("#gidNumber;#cn;#memberUID", 'group');
$conf->set_listAttributes("#cn;#uid;#description", 'host');
$conf->set_defaultlanguage("de_AT:iso639_de:Deutsch (Oesterreich)");
$conf->set_scriptPath("/var/www/lam/lib/script");
$conf->set_scriptServers("127.0.0.1");
$conf->set_scriptRights('775');
$conf->set_moduleSettings(array("test1" => array(11), "test2" => array("abc"), 'test3' => array(3)));
$conf->save();
echo ("done<br>");
// at last all preferences are read from lam.conf and compared
echo ("Loading and comparing...");
$conf2 = new LAMConfig('test');
if ($conf2->get_ServerURL() != "ldap://123.345.678.123:777") echo ("<br><font color=\"#FF0000\">Saving ServerURL failed!</font><br>");
if ($conf2->get_cacheTimeout() != "33") echo ("<br><font color=\"#FF0000\">Saving Cache timeout failed!</font><br>");
if (!$conf2->check_Passwd("123456abcde")) echo ("<br><font color=\"#FF0000\">Saving password failed!</font><br>");
if ($conf2->get_Adminstring() != "uid=test,o=test,dc=org;uid=root,o=test2,c=de") echo ("<br><font color=\"#FF0000\">Saving admin string failed!</font><br>");
if ($conf2->get_Suffix('user') != "ou=test,o=test,c=de") echo ("<br><font color=\"#FF0000\">Saving user suffix failed!</font><br>");
if ($conf2->get_Suffix('group') != "ou=testgrp,o=test,c=de") echo ("<br><font color=\"#FF0000\">Saving group suffix failed!</font><br>");
if ($conf2->get_Suffix('host') != "ou=testhst,o=test,c=de") echo ("<br><font color=\"#FF0000\">Saving host suffix failed!</font><br>");
if ($conf2->get_Suffix('smbDomain') != "ou=testdom,o=test,c=de") echo ("<br><font color=\"#FF0000\">Saving domain suffix failed!</font><br>");
if ($conf2->get_listAttributes('user') != "#uid;#cn") echo ("<br><font color=\"#FF0000\">Saving userlistAttributes failed!</font><br>");
if ($conf2->get_listAttributes('group') != "#gidNumber;#cn;#memberUID") echo ("<br><font color=\"#FF0000\">Saving grouplistAttributes failed!</font><br>");
if ($conf2->get_listAttributes('host') != "#cn;#uid;#description") echo ("<br><font color=\"#FF0000\">Saving hostlistAttributes failed!</font><br>");
if ($conf2->get_defaultlanguage() != "de_AT:iso639_de:Deutsch (Oesterreich)") echo ("<br><font color=\"#FF0000\">Saving default language failed!</font><br>");
if ($conf2->get_scriptPath() != "/var/www/lam/lib/script") echo ("<br><font color=\"#FF0000\">Saving script path failed!</font><br>");
if ($conf2->get_scriptServers() != "127.0.0.1") echo ("<br><font color=\"#FF0000\">Saving script server failed!</font><br>");
if ($conf2->get_scriptRights() != '775') echo ("<br><font color=\"#FF0000\">Saving script rights failed!</font><br>");
$msettings = $conf2->get_moduleSettings();
if (($msettings['test1'][0] != 11) || ($msettings['test2'][0] != 'abc') || ($msettings['test3'][0] != '3')) echo ("<br><font color=\"#FF0000\">Saving module settings failed!</font><br>");
echo ("done<br>");
// restore old values
echo ("Restoring old preferences...");
$conf2->set_ServerURL($ServerURL);
$conf2->set_cacheTimeout($cachetimeout);
$conf2->set_Passwd('lam');
$conf2->set_Adminstring($Adminstring);
$conf2->set_Suffix('user', $Suff_users);
$conf2->set_Suffix('group', $Suff_groups);
$conf2->set_Suffix('host', $Suff_hosts);
$conf2->set_Suffix('smbDomain', $Suff_domains);
$conf2->set_listAttributes($userlistAttributes, 'user');
$conf2->set_listAttributes($grouplistAttributes, 'group');
$conf2->set_listAttributes($hostlistAttributes, 'host');
$conf2->set_defaultLanguage($defaultlanguage);
$conf2->set_scriptPath($scriptpath);
$conf2->set_scriptServers($scriptServer);
$conf2->set_moduleSettings($moduleSettings);
$conf2->set_scriptRights($scriptRights);
$conf2->save();
echo ("done<br>");
// finished
echo ("<br><b><font color=\"#00C000\">Test is complete.</font></b>");
?>


@ -278,6 +278,39 @@ class LAMConfigTest extends PHPUnit_Framework_TestCase {
$this->assertEquals($val, $this->lAMConfig->get_scriptRights()); $this->assertEquals($val, $this->lAMConfig->get_scriptRights());
} }
/**
* Tests LAMConfig->getScriptSSHKey() and LAMConfig->SetScriptSSHKey()
*/
public function testScriptSSHKey() {
$val = '/tmp/test';
$this->lAMConfig->SetScriptSSHKey($val);
$this->assertEquals($val, $this->lAMConfig->getScriptSSHKey());
$this->doSave();
$this->assertEquals($val, $this->lAMConfig->getScriptSSHKey());
}
/**
* Tests LAMConfig->getScriptSSHKeyPassword() and LAMConfig->setScriptSSHKeyPassword()
*/
public function testScriptSSHKeyPassword() {
$val = '12345';
$this->lAMConfig->setScriptSSHKeyPassword($val);
$this->assertEquals($val, $this->lAMConfig->getScriptSSHKeyPassword());
$this->doSave();
$this->assertEquals($val, $this->lAMConfig->getScriptSSHKeyPassword());
}
/**
* Tests LAMConfig->getScriptUserName() and LAMConfig->setScriptUserName()
*/
public function testScriptUserName() {
$val = 'admin';
$this->lAMConfig->setScriptUserName($val);
$this->assertEquals($val, $this->lAMConfig->getScriptUserName());
$this->doSave();
$this->assertEquals($val, $this->lAMConfig->getScriptUserName());
}
/** /**
* Tests LAMConfig->set_cacheTimeout(), LAMConfig->get_cacheTimeout() and LAMConfig->get_cacheTimeoutSec() * Tests LAMConfig->set_cacheTimeout(), LAMConfig->get_cacheTimeout() and LAMConfig->get_cacheTimeoutSec()
*/ */
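Review bot: `testScriptSSHKey()` calls `SetScriptSSHKey($val)` with a capital S while the method is declared `setScriptSSHKey`; PHP resolves method names case-insensitively so the test passes, but the call should read `$this->lAMConfig->setScriptSSHKey($val);` like the other two tests. All three tests use only a non-empty value, so the empty default, which the help texts describe as the fallback to the logged-in user's name and password login, is not covered. The test class continues outside the hunk.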


@ -1,47 +0,0 @@
<?php
/*
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2013 Michael Duergner
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* LDAP Account Manager status messages.
*
* @package tests
* @author Michael Duergner
*/
/** message displaying */
include_once("../lib/status.inc");
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="../style/500_layout.css" />
</head>
<body>
<?php
$Headline = "Test";
$Text = "{color=00FF00}Farbe{endcolor} {bold}fett{endbold} normal";
$Variables = array();
StatusMessage('INFO',$Headline,$Text,$Variables);
StatusMessage('WARN',$Headline,$Text,$Variables);
StatusMessage('ERROR',$Headline,$Text,$Variables);
?>