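--- a/inc/ldap.inc.php
+++ b/inc/ldap.inc.php
@@ -128,13 +128,14 @@ function rg_ldap_add($db, $who, $data)
 . ', url, bind_dn, bind_pass, user_base'
 . ', uid_attr, filter, group_base, group_attr'
 . ', group_filter, admin_group, ca_cert'
-. ', prio, session_time, timeout)'
+. ', prio, session_time, timeout, plan_id)'
 . ' VALUES (@@itime@@, @@who@@, @@name@@'
 . ', @@url@@, @@bind_dn@@, @@bind_pass@@'
 . ', @@user_base@@, @@uid_attr@@, @@filter@@'
 . ', @@group_base@@, @@group_attr@@'
 . ', @@group_filter@@, @@admin_group@@'
-. ', @@ca_cert@@, @@prio@@, @@session_time@@)'
+. ', @@ca_cert@@, @@prio@@, @@session_time@@'
+. ', @@timeout@@, @@plan_id@@)'
 . ' RETURNING id';
 } else {
 $sql = 'UPDATE ldap_servers'
@@ -155,6 +156,7 @@ function rg_ldap_add($db, $who, $data)
 . ', prio = @@prio@@'
 . ', session_time = @@session_time@@'
 . ', timeout = @@timeout@@'
+. ', plan_id = @@plan_id@@'
 . ' WHERE id = @@id@@';
 }
 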
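Review bot: The INSERT column list (new line 131) and its VALUES list (new lines 137–138) are two separately maintained concatenations, and removed line 137 shows they had already drifted — `timeout` was in the column list while `@@timeout@@` was absent from VALUES — so the next column added is just as easy to miss. Deriving both lists from one array of column names keeps them in step by construction, and the UPDATE branch's `col = @@col@@` list (new line 159) can be produced from the same array. The statement's opening `INSERT INTO ldap_servers (` and the rest of rg_ldap_add lie outside the hunk; the leading columns in the sketch below are inferred from the `@@itime@@, @@who@@, @@name@@` placeholders and should be confirmed against the schema.
```php
// Column names double as the @@placeholder@@ names, so one list drives both halves
$cols = array('itime', 'who', 'name', 'url', 'bind_dn', 'bind_pass', 'user_base',
	'uid_attr', 'filter', 'group_base', 'group_attr', 'group_filter',
	'admin_group', 'ca_cert', 'prio', 'session_time', 'timeout', 'plan_id');
$sql = 'INSERT INTO ldap_servers (' . implode(', ', $cols) . ')'
	. ' VALUES (@@' . implode('@@, @@', $cols) . '@@)'
	. ' RETURNING id';
// … unchanged: UPDATE branch …
```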
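--- a/inc/ldap_sync.inc.php
+++ b/inc/ldap_sync.inc.php
@@ -14,11 +14,12 @@ function rg_ldap_sync_get_cache($db, $v)
 $ret = array('ok' => 0);
 while (1) {
 $params = array('v' => $v);
-$sql = 'SELECT * FROM ldap_cache'
-. ' WHERE mail = @@v@@'
+$sql = 'SELECT a.* FROM ldap_cache AS a, ldap_servers AS b'
+. ' WHERE a.server_id = b.id'
+. ' AND (mail = @@v@@'
 . ' OR ldap_uid = @@v@@'
-. ' OR cn = @@v@@'
-. ' ORDER BY prio';
+. ' OR cn = @@v@@)'
+. ' ORDER BY b.prio';
 $res = rg_sql_query_params($db, $sql, $params);
 if ($res === FALSE) {
 $ret['errmsg'] = 'cannot select from cache';
@@ -354,7 +355,7 @@ function rg_ldap_sync_cb_error($index, &$info, $msg)
 function rg_ldap_sync_ro($db, $data)
 {
 // TODO: move this in the higher level part
-// Load the list of servers in decreasing priority order
+// Load the list of servers in decreasing priority order (increasing numeric)
 // because we want the best one to overwrite the lower priority ones.
 
 // Hm! Have a problem: sync_rp with multiple servers!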
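Review bot: In the new query (new lines 17–22) `mail`, `ldap_uid` and `cn` stay unqualified although the statement now joins two tables, so it will fail with an ambiguous-column error as soon as `ldap_servers` gains a column with one of those names; qualify them the way `a.server_id`, `b.id` and `b.prio` already are: `. ' AND (a.mail = @@v@@'`, `. ' OR a.ldap_uid = @@v@@'`, `. ' OR a.cn = @@v@@)'`. The comma join is also clearer as `FROM ldap_cache AS a JOIN ldap_servers AS b ON a.server_id = b.id`, which keeps the join condition out of the filter parentheses. A cache row whose `server_id` no longer matches any `ldap_servers` row now silently drops out of the result; if that is the intended stale-server behaviour, a one-line comment saying so would spare the next reader a search. rg_ldap_sync_get_cache starts before and continues past this hunk.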
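--- a/tests/ldap.php
+++ b/tests/ldap.php
@@ -32,7 +32,7 @@ function rg_ldap_start_server(&$l)
 $r = @unlink($prep);
 rg_log('unlinking prep.done returned ' . ($r === FALSE ? 'false' : 'true'));
 
-$log = __DIR__ . '/ldap-' . $l['rg_ldap_port'] . '.log';
+$log = __DIR__ . '/ldap-' . $l['rg_ldap_port'];
 
 $pid = pcntl_fork();
 if ($pid == 0) { // child
@@ -40,10 +40,8 @@ function rg_ldap_start_server(&$l)
 rg_log($k . '=' . $v);
 putenv($k . '=' . $v);
 }
-rg_exec('cd ldap && sh start.sh &> ' . $log, '', FALSE, FALSE);
-
-$log = '../ldap-' . $l['rg_ldap_port'] . 'prep.log';
-rg_exec('cd ldap && sh prepare.sh &> ' . $log, '', FALSE, FALSE);
+rg_exec('cd ldap && bash -x start.sh &> ' . $log . '.log', '', FALSE, FALSE);
+rg_exec('cd ldap && bash -x prepare.sh &> ' . $log . '.prep.log', '', FALSE, FALSE);
 exit(0);
 }
 
@@ -71,8 +69,8 @@ function rg_ldap_start_server(&$l)
 
 function clean($log)
 {
-rg_log('Cleaning processes attached to file ' . $log . '...');
-$r = rg_exec('fuser -k -v -9 ' . escapeshellarg($log), '', FALSE, FALSE);
+rg_log('Cleaning processes attached to file ' . $log . '.log...');
+$r = rg_exec('fuser -k -v -9 ' . escapeshellarg($log . '.log'), '', FALSE, FALSE);
 rg_log_ml('fuser returned: ' . print_r($r, TRUE));
 }
 
@@ -174,9 +172,9 @@ $data = array(
 'ldap::ca_cert' => ''
 );
 $r = do_req($test_url . '/op/admin/ldap/add', $data, $headers);
-if (!strstr($r['body'], 'Configuration has been successfully saved.')) {
-rg_log_ml('r: ' . print_r($r, TRUE));
-rg_log('Cannot post form (expected answer missing)!');
+if (!strstr($r['body'], 'LDAP server has been successfully added/edited.')) {
+rg_log_ml('body: ' . $r['body']);
+rg_log('Success message not found!');
 exit(1);
 }
 rg_log_exit();
@@ -458,6 +456,100 @@ if ($r === FALSE) {
 rg_log_exit();
 
 
+rg_log('');
+rg_log_enter('Loading Admin -> LDAP -> List -> [Edit]...');
+$data = array();
+$headers = array();
+$r = do_req($test_url . '/op/admin/ldap/edit/' . $id, $data, $headers);
+if ($r === FALSE) {
+rg_log('Cannot load edit page!');
+exit(1);
+}
+$token = $r['tokens']['ldap_add'];
+rg_log_exit();
+
+rg_log('');
+rg_log_enter('Posting new data...');
+$data = array(
+'doit' => 1,
+'token' => $token,
+'ldap::id' => $id,
+'ldap::plan_id' => 9,
+'ldap::prio' => 11,
+'ldap::session_time' => 700,
+'ldap::name' => $name . '<xss>',
+'ldap::url' => 'ldaps://' . $bind_addr . ':' . $bind_port,
+'ldap::bind_dn' => 'binddn',
+'ldap::bind_pass' => 'bind_pass',
+'ldap::user_base' => 'o=a,dc=my-domain,dc=com',
+'ldap::uid_attr' => 'uid2',
+'ldap::filter' => 'memberOf=cn=groupX,ou=Group,dc=my-domain,dc=com',
+'ldap::group_base' => 'o=b,dc=my-domain,dc=com',
+'ldap::group_attr' => 'memberOfNot',
+'ldap::group_filter' => 'group_filter',
+'ldap::admin_group' => 'cn=(Admins4|Admins5),ou=Group,dc=my-domain,dc=com',
+'ldap::timeout' => 13,
+'ldap::ca_cert' => 'ca_cert'
+);
+$headers = array();
+$r = do_req($test_url . '/op/admin/ldap/add', $data, $headers);
+if ($r === FALSE) {
+rg_log('Cannot load edit page!');
+exit(1);
+}
+if (!strstr($r['body'], 'LDAP server has been successfully added/edited.')) {
+rg_log_ml('body: ' . $r['body']);
+rg_log('Success message not found!');
+exit(1);
+}
+$sql = 'SELECT * FROM ldap_servers WHERE id = ' . $id;
+$res = rg_sql_query($db, $sql);
+$row = rg_sql_fetch_array($res);
+rg_sql_free_result($res);
+$key = 'ldap::list::' . $id;
+rg_cache_core_unset($key); // else we will get previous copy!
+$c = rg_cache_get($key);
+foreach ($data as $k => $v) {
+// ignore some fields
+if (strncmp($k, 'ldap::', 6) != 0)
+continue;
+
+$k = substr($k, 6);
+
+if (!isset($row[$k])) {
+rg_log('Field [' . $k . '] was not found in db!');
+exit(1);
+}
+if (strcmp($row[$k], $v) != 0) {
+rg_log('Field [' . $k . '] seems was missed in edit (db)!');
+rg_log('db=' . $row[$k] . ' sent=' . $v);
+exit(1);
+}
+
+if (!isset($c[$k])) {
+rg_log('Field [' . $k . '] was not found in cache!');
+exit(1);
+}
+if (strcmp($c[$k], $v) != 0) {
+rg_log('Field [' . $k . '] seems was missed in edit (cache)!');
+rg_log('cache=' . $c[$k] . ' sent=' . $v);
+exit(1);
+}
+}
+// Testing if all fields in the database were updated
+unset($row['itime']);
+unset($row['who']);
+unset($row['csn']);
+foreach ($row as $k => $v) {
+if (isset($data['ldap::' . $k]))
+continue;
+
+rg_log('Field [' . $k . '] was missing from the http update!');
+exit(1);
+}
+rg_log_exit();
+
+
 rg_log('');
 rg_log_enter('Loading Admin -> LDAP -> List (for delete)...');
 $data = array();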
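Review bot: The two `rg_exec` calls at new lines 43–44 splice `$log` (built from `$l['rg_ldap_port']` at new line 35) into a shell command unquoted, while `clean()` at new line 73 passes the very same path through `escapeshellarg`; make the start-server hunk consistent with it: `rg_exec('cd ldap && bash -x start.sh &> ' . escapeshellarg($log . '.log'), '', FALSE, FALSE);` and likewise for the `prepare.sh` line. The new edit test at line 505 builds `'SELECT * FROM ldap_servers WHERE id = ' . $id` by concatenation, whereas the production code touched by this commit goes through `rg_sql_query_params` with `@@id@@` placeholders; the test should take the same parameterised path so it does not model the pattern the application avoids. The failure message at new line 497, `'Cannot load edit page!'`, is copied from the GET at line 465 but follows the POST to `/op/admin/ldap/add`, so it should say something like `'Cannot post edited data!'`. This last hunk is top-level test code whose surrounding flow lies outside the hunk.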