afba0908
Commit
afba0908
authored
Mar 15, 2016
by
Ad Schellevis
whitespace system_usermanager_import_ldap.php
parent
6e1be849
Showing
1 changed file
with
97 additions
and
97 deletions
+97
-97
system_usermanager_import_ldap.php
src/www/system_usermanager_import_ldap.php
+97
-97
src/www/system_usermanager_import_ldap.php
...
@@ -31,34 +31,34 @@ require_once("guiconfig.inc");
...
@@ -31,34 +31,34 @@ require_once("guiconfig.inc");
require_once
(
"auth.inc"
);
require_once
(
"auth.inc"
);
function
add_local_user
(
$username
,
$userdn
,
$userfullname
)
{
function
add_local_user
(
$username
,
$userdn
,
$userfullname
)
{
global
$config
;
global
$config
;
// generate new random user_password
// generate new random user_password
$bytes
=
openssl_random_pseudo_bytes
(
50
);
$bytes
=
openssl_random_pseudo_bytes
(
50
);
$user_password
=
pack
(
'H*'
,
bin2hex
(
$bytes
));
$user_password
=
pack
(
'H*'
,
bin2hex
(
$bytes
));
foreach
(
$config
[
'system'
][
'user'
]
as
&
$user
)
{
foreach
(
$config
[
'system'
][
'user'
]
as
&
$user
)
{
if
(
$user
[
'name'
]
==
$username
&&
$user
[
'name'
]
!=
'root'
)
{
if
(
$user
[
'name'
]
==
$username
&&
$user
[
'name'
]
!=
'root'
)
{
// link local user to remote server by updating user_dn
// link local user to remote server by updating user_dn
$user
[
'user_dn'
]
=
$userdn
;
$user
[
'user_dn'
]
=
$userdn
;
// trash user password when linking to ldap, avoid accidental login
// trash user password when linking to ldap, avoid accidental login
// using fall-back local password. User could still reset it's
// using fall-back local password. User could still reset it's
// local password, but only by choice.
// local password, but only by choice.
local_user_set_password
(
$user
,
$user_password
);
local_user_set_password
(
$user
,
$user_password
);
local_user_set
(
$user
);
local_user_set
(
$user
);
return
;
return
;
}
}
}
}
// new user, add
// new user, add
$new_user
=
array
();
$new_user
=
array
();
$new_user
[
'scope'
]
=
'user'
;
$new_user
[
'scope'
]
=
'user'
;
$new_user
[
'name'
]
=
$username
;
$new_user
[
'name'
]
=
$username
;
$new_user
[
'user_dn'
]
=
$userdn
;
$new_user
[
'user_dn'
]
=
$userdn
;
$new_user
[
'descr'
]
=
$userfullname
;
$new_user
[
'descr'
]
=
$userfullname
;
local_user_set_password
(
$new_user
,
$user_password
);
local_user_set_password
(
$new_user
,
$user_password
);
$new_user
[
'uid'
]
=
$config
[
'system'
][
'nextuid'
]
++
;
$new_user
[
'uid'
]
=
$config
[
'system'
][
'nextuid'
]
++
;
$config
[
'system'
][
'user'
][]
=
$new_user
;
$config
[
'system'
][
'user'
][]
=
$new_user
;
local_user_set
(
$new_user
);
local_user_set
(
$new_user
);
}
}
global
$config
;
global
$config
;
...
@@ -71,60 +71,60 @@ $exit_form = false;
...
@@ -71,60 +71,60 @@ $exit_form = false;
$authcfg
=
auth_get_authserver
(
$config
[
'system'
][
'webgui'
][
'authmode'
]);
$authcfg
=
auth_get_authserver
(
$config
[
'system'
][
'webgui'
][
'authmode'
]);
if
(
$authcfg
[
'type'
]
==
'ldap'
)
{
if
(
$authcfg
[
'type'
]
==
'ldap'
)
{
// setup peer ca
// setup peer ca
ldap_setup_caenv
(
$authcfg
);
ldap_setup_caenv
(
$authcfg
);
// connect to ldap server
// connect to ldap server
$ldap_auth
=
new
OPNsense\Auth\LDAP
(
$authcfg
[
'ldap_basedn'
],
$authcfg
[
'ldap_protver'
]);
$ldap_auth
=
new
OPNsense\Auth\LDAP
(
$authcfg
[
'ldap_basedn'
],
$authcfg
[
'ldap_protver'
]);
$ldap_is_connected
=
$ldap_auth
->
connect
(
$authcfg
[
'ldap_full_url'
]
$ldap_is_connected
=
$ldap_auth
->
connect
(
$authcfg
[
'ldap_full_url'
]
,
$authcfg
[
'ldap_binddn'
]
,
$authcfg
[
'ldap_binddn'
]
,
$authcfg
[
'ldap_bindpw'
]
,
$authcfg
[
'ldap_bindpw'
]
);
);
if
(
$ldap_is_connected
)
{
if
(
$ldap_is_connected
)
{
// collect list of current ldap users from config
// collect list of current ldap users from config
$confDNs
=
array
();
$confDNs
=
array
();
foreach
(
$config
[
'system'
][
'user'
]
as
$confUser
)
{
foreach
(
$config
[
'system'
][
'user'
]
as
$confUser
)
{
if
(
!
empty
(
$confUser
[
'user_dn'
]))
{
if
(
!
empty
(
$confUser
[
'user_dn'
]))
{
$confDNs
[]
=
trim
(
$confUser
[
'user_dn'
]);
$confDNs
[]
=
trim
(
$confUser
[
'user_dn'
]);
}
}
}
// search ldap
$result
=
$ldap_auth
->
searchUsers
(
"*"
,
$authcfg
[
'ldap_attr_user'
]
,
$authcfg
[
'ldap_extended_query'
]
);
// actual form action, either save new accounts or list missing
if
(
$_SERVER
[
'REQUEST_METHOD'
]
===
'POST'
)
{
// create selected accounts
$exit_form
=
true
;
if
(
isset
(
$_POST
[
'user_dn'
]))
{
$update_count
=
0
;
foreach
(
$result
as
$ldap_user
)
{
foreach
(
$_POST
[
'user_dn'
]
as
$userDN
)
{
if
(
$userDN
==
$ldap_user
[
'dn'
]
&&
!
in_array
(
$ldap_user
[
'dn'
],
$confDNs
))
{
add_local_user
(
$ldap_user
[
'name'
]
,
$ldap_user
[
'dn'
],
$ldap_user
[
'fullname'
]);
$update_count
++
;
}
}
if
(
$update_count
>
0
){
// write config when changed
write_config
();
}
}
}
}
}
else
{
// search ldap
if
(
is_array
(
$result
))
{
$result
=
$ldap_auth
->
searchUsers
(
"*"
// list all missing accounts
,
$authcfg
[
'ldap_attr_user'
]
foreach
(
$result
as
$ldap_user
)
{
,
$authcfg
[
'ldap_extended_query'
]
if
(
!
in_array
(
$ldap_user
[
'dn'
],
$confDNs
))
{
);
$ldap_users
[
$ldap_user
[
'name'
]]
=
$ldap_user
[
'dn'
];
// actual form action, either save new accounts or list missing
if
(
$_SERVER
[
'REQUEST_METHOD'
]
===
'POST'
)
{
// create selected accounts
$exit_form
=
true
;
if
(
isset
(
$_POST
[
'user_dn'
]))
{
$update_count
=
0
;
foreach
(
$result
as
$ldap_user
)
{
foreach
(
$_POST
[
'user_dn'
]
as
$userDN
)
{
if
(
$userDN
==
$ldap_user
[
'dn'
]
&&
!
in_array
(
$ldap_user
[
'dn'
],
$confDNs
))
{
add_local_user
(
$ldap_user
[
'name'
]
,
$ldap_user
[
'dn'
],
$ldap_user
[
'fullname'
]);
$update_count
++
;
}
}
if
(
$update_count
>
0
){
// write config when changed
write_config
();
}
}
}
}
}
else
{
if
(
is_array
(
$result
))
{
// list all missing accounts
foreach
(
$result
as
$ldap_user
)
{
if
(
!
in_array
(
$ldap_user
[
'dn'
],
$confDNs
))
{
$ldap_users
[
$ldap_user
[
'name'
]]
=
$ldap_user
[
'dn'
];
}
}
ksort
(
$ldap_users
);
}
}
}
ksort
(
$ldap_users
);
}
}
}
}
}
}
include
(
'head.inc'
);
include
(
'head.inc'
);
...
@@ -133,38 +133,38 @@ include('head.inc');
...
@@ -133,38 +133,38 @@ include('head.inc');
<body>
<body>
<?php
if
(
$exit_form
)
:
<?php
if
(
$exit_form
)
:
?>
?>
<script
type=
"text/javascript"
>
<script
type=
"text/javascript"
>
// exit form and reload parent after save
// exit form and reload parent after save
window
.
opener
.
location
.
href
=
window
.
opener
.
location
.
href
;
window
.
opener
.
location
.
href
=
window
.
opener
.
location
.
href
;
window
.
close
();
window
.
close
();
</script>
</script>
<?php
elseif
(
!
$ldap_is_connected
)
:
<?php
elseif
(
!
$ldap_is_connected
)
:
?>
?>
<p>
<?=
gettext
(
"Could not connect to the LDAP server. Please check your LDAP configuration."
);
?>
</p>
<p>
<?=
gettext
(
"Could not connect to the LDAP server. Please check your LDAP configuration."
);
?>
</p>
<input
type=
'button'
class=
"btn btn-default"
value=
'
<?=
gettext
(
"Close"
);
?>
'
onClick=
"window.close();"
>
<input
type=
'button'
class=
"btn btn-default"
value=
'
<?=
gettext
(
"Close"
);
?>
'
onClick=
"window.close();"
>
<?php
<?php
else
:
else
:
?>
?>
<form
method=
"post"
>
<form
method=
"post"
>
<table
class=
"table table-striped"
>
<table
class=
"table table-striped"
>
<tbody>
<tbody>
<tr>
<tr>
<th
colspan=
"3"
>
<th
colspan=
"3"
>
<?=
gettext
(
"Please select users to import:"
);
?>
<?=
gettext
(
"Please select users to import:"
);
?>
</th>
</th>
</tr>
</tr>
<?php
foreach
(
$ldap_users
as
$username
=>
$userDN
)
:
<?php
foreach
(
$ldap_users
as
$username
=>
$userDN
)
:
?>
?>
<tr><td>
<?=
$username
?>
</td><td>
<?=
$userDN
?>
</td><td>
<input
type=
'checkbox'
value=
"
<?=
$userDN
?>
"
id=
'user_dn'
name=
'user_dn[]'
>
</td></tr>
<tr><td>
<?=
$username
?>
</td><td>
<?=
$userDN
?>
</td><td>
<input
type=
'checkbox'
value=
"
<?=
$userDN
?>
"
id=
'user_dn'
name=
'user_dn[]'
>
</td></tr>
<?php
endforeach
;
<?php
endforeach
;
?>
?>
<tr>
<tr>
<td
align=
"left"
colspan=
"3"
>
<td
align=
"left"
colspan=
"3"
>
<input
type=
'submit'
class=
"btn btn-primary"
value=
'
<?=
gettext
(
"Save"
);
?>
'
>
<input
type=
'submit'
class=
"btn btn-primary"
value=
'
<?=
gettext
(
"Save"
);
?>
'
>
</td>
</td>
</tr>
</tr>
</tbody>
</tbody>
</table>
</table>
</form>
</form>
<?php
<?php
endif
;
?>
endif
;
?>
...
...