diff --git a/doc/user-api/sections/user.text.tex b/doc/user-api/sections/user.text.tex index a1394a2f7..af04089dd 100644 --- a/doc/user-api/sections/user.text.tex +++ b/doc/user-api/sections/user.text.tex @@ -135,6 +135,52 @@ \subsection*{\textit{enableUser}} } \end{verbatim} } +\subsection*{\textit{disableLDAP}} + Disables LDAP authentication for an account. + { + \color{blue} + \begin{verbatim} +{ + "section": "user", + "request": "disableLDAP", + "userId": 3, + "accessKey": "mykey" +} + \end{verbatim} + } + { + \color{OliveGreen} + \begin{verbatim} +{ + "section": "user", + "request": "disableLDAP", + "response": "OK" +} + \end{verbatim} + } +\subsection*{\textit{enableLDAP}} + Enables LDAP authentication for an account. + { + \color{blue} + \begin{verbatim} +{ + "section": "user", + "request": "enableLDAP", + "userId": 3, + "accessKey": "mykey" +} + \end{verbatim} + } + { + \color{OliveGreen} + \begin{verbatim} +{ + "section": "user", + "request": "enableLDAP", + "response": "OK" +} + \end{verbatim} + } \subsection*{\textit{setUserPassword}} Set a new password for the user. This will not affect open sessions, only new logins. { diff --git a/src/dba/models/User.class.php b/src/dba/models/User.class.php index 2bcf5e135..02dc4c7d1 100644 --- a/src/dba/models/User.class.php +++ b/src/dba/models/User.class.php @@ -9,6 +9,7 @@ class User extends AbstractModel { private $passwordHash; private $passwordSalt; private $isValid; + private $isLDAP; private $isComputedPassword; private $lastLoginDate; private $registeredSince; @@ -19,14 +20,44 @@ class User extends AbstractModel { private $otp2; private $otp3; private $otp4; - - function __construct($userId, $username, $email, $passwordHash, $passwordSalt, $isValid, $isComputedPassword, $lastLoginDate, $registeredSince, $sessionLifetime, $rightGroupId, $yubikey, $otp1, $otp2, $otp3, $otp4) { + + function __construct() { + $arguments = func_get_args(); + $numberOfArguments = func_num_args(); + + if (method_exists($this, $function = '__construct'.$numberOfArguments)) { + call_user_func_array(array($this, $function), $arguments); + } + } + + function __construct16($userId, $username, $email, $passwordHash, $passwordSalt, $isValid, $isComputedPassword, $lastLoginDate, $registeredSince, $sessionLifetime, $rightGroupId, $yubikey, $otp1, $otp2, $otp3, $otp4) { + $this->userId = $userId; + $this->username = $username; + $this->email = $email; + $this->passwordHash = $passwordHash; + $this->passwordSalt = $passwordSalt; + $this->isValid = $isValid; + $this->isLDAP = 0; + $this->isComputedPassword = $isComputedPassword; + $this->lastLoginDate = $lastLoginDate; + $this->registeredSince = $registeredSince; + $this->sessionLifetime = $sessionLifetime; + $this->rightGroupId = $rightGroupId; + $this->yubikey = $yubikey; + $this->otp1 = $otp1; + $this->otp2 = $otp2; + $this->otp3 = $otp3; + $this->otp4 = $otp4; + } + + function __construct17($userId, $username, $email, $passwordHash, $passwordSalt, $isValid, $isLDAP, $isComputedPassword, $lastLoginDate, $registeredSince, $sessionLifetime, $rightGroupId, $yubikey, $otp1, $otp2, $otp3, $otp4) { $this->userId = $userId; $this->username = $username; $this->email = $email; $this->passwordHash = $passwordHash; $this->passwordSalt = $passwordSalt; $this->isValid = $isValid; + $this->isLDAP = $isLDAP; $this->isComputedPassword = $isComputedPassword; $this->lastLoginDate = $lastLoginDate; $this->registeredSince = $registeredSince; @@ -38,7 +69,7 @@ function __construct($userId, $username, $email, $passwordHash, $passwordSalt, $ $this->otp3 = $otp3; $this->otp4 = $otp4; } - + function getKeyValueDict() { $dict = array(); $dict['userId'] = $this->userId; @@ -47,6 +78,7 @@ function getKeyValueDict() { $dict['passwordHash'] = $this->passwordHash; $dict['passwordSalt'] = $this->passwordSalt; $dict['isValid'] = $this->isValid; + $dict['isLDAP'] = $this->isLDAP; $dict['isComputedPassword'] = $this->isComputedPassword; $dict['lastLoginDate'] = $this->lastLoginDate; $dict['registeredSince'] = $this->registeredSince; @@ -57,26 +89,26 @@ function getKeyValueDict() { $dict['otp2'] = $this->otp2; $dict['otp3'] = $this->otp3; $dict['otp4'] = $this->otp4; - + return $dict; } - + function getPrimaryKey() { return "userId"; } - + function getPrimaryKeyValue() { return $this->userId; } - + function getId() { return $this->userId; } - + function setId($id) { $this->userId = $id; } - + /** * Used to serialize the data contained in the model * @return array @@ -84,133 +116,142 @@ function setId($id) { public function expose() { return get_object_vars($this); } - + function getUsername() { return $this->username; } - + function setUsername($username) { $this->username = $username; } - + function getEmail() { return $this->email; } - + function setEmail($email) { $this->email = $email; } - + function getPasswordHash() { return $this->passwordHash; } - + function setPasswordHash($passwordHash) { $this->passwordHash = $passwordHash; } - + function getPasswordSalt() { return $this->passwordSalt; } - + function setPasswordSalt($passwordSalt) { $this->passwordSalt = $passwordSalt; } - + function getIsValid() { return $this->isValid; } - + function setIsValid($isValid) { $this->isValid = $isValid; } - + + function getIsLDAP() { + return $this->isLDAP; + } + + function setIsLDAP($isLDAP) { + $this->isLDAP = $isLDAP; + } + function getIsComputedPassword() { return $this->isComputedPassword; } - + function setIsComputedPassword($isComputedPassword) { $this->isComputedPassword = $isComputedPassword; } - + function getLastLoginDate() { return $this->lastLoginDate; } - + function setLastLoginDate($lastLoginDate) { $this->lastLoginDate = $lastLoginDate; } - + function getRegisteredSince() { return $this->registeredSince; } - + function setRegisteredSince($registeredSince) { $this->registeredSince = $registeredSince; } - + function getSessionLifetime() { return $this->sessionLifetime; } - + function setSessionLifetime($sessionLifetime) { $this->sessionLifetime = $sessionLifetime; } - + function getRightGroupId() { return $this->rightGroupId; } - + function setRightGroupId($rightGroupId) { $this->rightGroupId = $rightGroupId; } - + function getYubikey() { return $this->yubikey; } - + function setYubikey($yubikey) { $this->yubikey = $yubikey; } - + function getOtp1() { return $this->otp1; } - + function setOtp1($otp1) { $this->otp1 = $otp1; } - + function getOtp2() { return $this->otp2; } - + function setOtp2($otp2) { $this->otp2 = $otp2; } - + function getOtp3() { return $this->otp3; } - + function setOtp3($otp3) { $this->otp3 = $otp3; } - + function getOtp4() { return $this->otp4; } - + function setOtp4($otp4) { $this->otp4 = $otp4; } - + const USER_ID = "userId"; const USERNAME = "username"; const EMAIL = "email"; const PASSWORD_HASH = "passwordHash"; const PASSWORD_SALT = "passwordSalt"; const IS_VALID = "isValid"; + const IS_LDAP = "isLDAP"; const IS_COMPUTED_PASSWORD = "isComputedPassword"; const LAST_LOGIN_DATE = "lastLoginDate"; const REGISTERED_SINCE = "registeredSince"; diff --git a/src/dba/models/UserFactory.class.php b/src/dba/models/UserFactory.class.php index f50a06b52..b91386925 100644 --- a/src/dba/models/UserFactory.class.php +++ b/src/dba/models/UserFactory.class.php @@ -23,7 +23,7 @@ function getCacheValidTime() { * @return User */ function getNullObject() { - $o = new User(-1, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null); + $o = new User(-1, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null); return $o; } @@ -33,7 +33,7 @@ function getNullObject() { * @return User */ function createObjectFromDict($pk, $dict) { - $o = new User($dict['userId'], $dict['username'], $dict['email'], $dict['passwordHash'], $dict['passwordSalt'], $dict['isValid'], $dict['isComputedPassword'], $dict['lastLoginDate'], $dict['registeredSince'], $dict['sessionLifetime'], $dict['rightGroupId'], $dict['yubikey'], $dict['otp1'], $dict['otp2'], $dict['otp3'], $dict['otp4']); + $o = new User($dict['userId'], $dict['username'], $dict['email'], $dict['passwordHash'], $dict['passwordSalt'], $dict['isValid'], $dict['isLDAP'], $dict['isComputedPassword'], $dict['lastLoginDate'], $dict['registeredSince'], $dict['sessionLifetime'], $dict['rightGroupId'], $dict['yubikey'], $dict['otp1'], $dict['otp2'], $dict['otp3'], $dict['otp4']); return $o; } diff --git a/src/inc/Login.class.php b/src/inc/Login.class.php index 9b4f8c2f3..b9da62978 100755 --- a/src/inc/Login.class.php +++ b/src/inc/Login.class.php @@ -15,13 +15,13 @@ class Login { private $valid = false; /** @var Session $session */ private $session = null; - + private static $instance = null; - + public function setUser($user) { $this->user = $user; } - + /** * Get an instance of the Login class * @return Login @@ -32,7 +32,7 @@ public static function getInstance() { } return self::$instance; } - + /** * Creates a Login-Instance and checks automatically if there is a session * running. It updates the session lifetime again up to the session limit. @@ -62,14 +62,14 @@ private function __construct() { } } } - + /** * Returns true if the user currently is loggedin with a valid session */ public function isLoggedin() { return $this->valid; } - + /** * Logs the current user out and closes his session */ @@ -80,7 +80,7 @@ public function logout() { $this->valid = false; setcookie("session", false, time() - 600); } - + /** * Returns the uID of the currently logged in user, if the user is not logged * in, the uID will be -1 @@ -91,14 +91,14 @@ public function getUserID() { } return $this->user->getId(); } - + public function getUser() { if (!$this->valid) { return null; } return $this->user; } - + /** * Executes a login with given username and password (plain) * @@ -113,35 +113,52 @@ public function login($username, $password, $otp = NULL) { return false; } $filter = new QueryFilter(User::USERNAME, $username, "="); - + $check = Factory::getUserFactory()->filter([Factory::FILTER => $filter]); if ($check === null || sizeof($check) == 0) { return false; } $user = $check[0]; - + if ($user->getIsValid() != 1) { return false; } + else if ($user->getIsLDAP() == 1) { + $basedn = SConfig::getInstance()->getVal(DConfig::LDAP_BASEDN); + $uid = SConfig::getInstance()->getVal(DConfig::LDAP_UID); + $ldap_conn = ldap_connect(SConfig::getInstance()->getVal(DConfig::LDAP_SERVER)); + $ldapbind=false; + if(ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3)) + if(ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0)) + if(ldap_start_tls($ldap_conn)) + $ldapbind = @ldap_bind($ldap_conn, $uid."=".$username.",".$basedn, $password); + ldap_close($ldap_conn); + if (!$ldapbind) { + Util::createLogEntry(DLogEntryIssuer::USER, $user->getId(), DLogEntry::WARN, "Failed LDAP login attempt due to wrong password!"); + $payload = new DataSet(array(DPayloadKeys::USER => $user)); + NotificationHandler::checkNotifications(DNotificationType::USER_LOGIN_FAILED, $payload); + return false; + } + } else if (!Encryption::passwordVerify($password, $user->getPasswordSalt(), $user->getPasswordHash())) { Util::createLogEntry(DLogEntryIssuer::USER, $user->getId(), DLogEntry::WARN, "Failed login attempt due to wrong password!"); - + $payload = new DataSet(array(DPayloadKeys::USER => $user)); NotificationHandler::checkNotifications(DNotificationType::USER_LOGIN_FAILED, $payload); return false; } $this->user = $user; /****** End check password ******/ - + /***** Check Yubikey *****/ if ($user->getYubikey() == true && Util::isYubikeyEnabled() && sizeof(SConfig::getInstance()->getVal(DConfig::YUBIKEY_ID)) != 0 && sizeof(SConfig::getInstance()->getVal(DConfig::YUBIKEY_KEY) != 0)) { $keyId = substr($otp, 0, 12); - + if (strtoupper($user->getOtp1()) != strtoupper($keyId) && strtoupper($user->getOtp2()) != strtoupper($keyId) && strtoupper($user->getOtp3()) != strtoupper($keyId) && strtoupper($user->getOtp4()) != strtoupper($keyId)) { Util::createLogEntry(DLogEntryIssuer::USER, $user->getId(), DLogEntry::WARN, "Failed Yubikey login attempt due to wrong keyId!"); return false; } - + $useHttps = true; $urlOTP = SConfig::getInstance()->getVal(DConfig::YUBIKEY_URL); if (!empty($urlOTP) && $_url = parse_url($urlOTP)) { @@ -154,14 +171,14 @@ public function login($username, $password, $otp = NULL) { } $urlPart .= $_url['path']; } - + $yubi = new Auth_Yubico(SConfig::getInstance()->getVal(DConfig::YUBIKEY_ID), SConfig::getInstance()->getVal(DConfig::YUBIKEY_KEY), $useHttps, true); - + if (!empty($urlPart)) { $yubi->addURLpart($urlPart); } $auth = $yubi->verify($otp); - + if (PEAR::isError($auth)) { Util::createLogEntry(DLogEntryIssuer::USER, $user->getId(), DLogEntry::WARN, "Failed login attempt due to wrong Yubikey OTP!"); return false; @@ -171,9 +188,9 @@ public function login($username, $password, $otp = NULL) { return false; } /****** End check Yubikey ******/ - + // At this point the user is authenticated successfully, so the session can be created. - + /****** Create session ******/ $startTime = time(); $session = new Session(null, $this->user->getId(), $startTime, $startTime, 1, $this->user->getSessionLifetime(), ""); @@ -184,14 +201,10 @@ public function login($username, $password, $otp = NULL) { $sessionKey = Encryption::sessionHash($session->getId(), $startTime, $user->getEmail()); Factory::getSessionFactory()->set($session, Session::SESSION_KEY, $sessionKey); Factory::getUserFactory()->set($this->user, User::LAST_LOGIN_DATE, time()); - + $this->valid = true; Util::createLogEntry(DLogEntryIssuer::USER, $user->getId(), DLogEntry::INFO, "Successful login!"); setcookie("session", "$sessionKey", time() + $this->user->getSessionLifetime(), "", "", false, true); return true; } } - - - - diff --git a/src/inc/defines/config.php b/src/inc/defines/config.php index b72d25672..361f5a6cc 100644 --- a/src/inc/defines/config.php +++ b/src/inc/defines/config.php @@ -11,13 +11,13 @@ class DConfigType { class DConfigAction { const UPDATE_CONFIG = "updateConfig"; const UPDATE_CONFIG_PERM = DAccessControl::SERVER_CONFIG_ACCESS; - + const REBUILD_CACHE = "rebuildCache"; const REBUILD_CACHE_PERM = DAccessControl::SERVER_CONFIG_ACCESS; - + const RESCAN_FILES = "rescanFiles"; const RESCAN_FILES_PERM = DAccessControl::SERVER_CONFIG_ACCESS; - + const CLEAR_ALL = "clearAll"; const CLEAR_ALL_PERM = DAccessControl::SERVER_CONFIG_ACCESS; } @@ -54,12 +54,17 @@ class DConfig { const HASHCAT_BRAIN_PASS = "hashcatBrainPass"; const HASHLIST_IMPORT_CHECK = "hashlistImportCheck"; const HC_ERROR_IGNORE = "hcErrorIgnore"; - + // Section: Yubikey const YUBIKEY_ID = "yubikey_id"; const YUBIKEY_KEY = "yubikey_key"; const YUBIKEY_URL = "yubikey_url"; - + + // Section: LDAP + const LDAP_SERVER = "ldap_server"; + const LDAP_BASEDN = "ldap_basedn"; + const LDAP_UID = "ldap_uid"; + // Section: Finetuning const HASHES_PAGE_SIZE = "pagingSize"; const NUMBER_LOGENTRIES = "numLogEntries"; @@ -68,7 +73,7 @@ class DConfig { const HASH_MAX_LENGTH = "hashMaxLength"; const MAX_HASHLIST_SIZE = "maxHashlistSize"; const UAPI_SEND_TASK_IS_COMPLETE = "uApiSendTaskIsComplete"; - + // Section: UI const TIME_FORMAT = "timefmt"; const DONATE_OFF = "donateOff"; @@ -83,7 +88,7 @@ class DConfig { const AGENT_TEMP_THRESHOLD_2 = "agentTempThreshold2"; const AGENT_UTIL_THRESHOLD_1 = "agentUtilThreshold1"; const AGENT_UTIL_THRESHOLD_2 = "agentUtilThreshold2"; - + // Section: Server const BASE_URL = "baseUrl"; const BASE_HOST = "baseHost"; @@ -94,20 +99,20 @@ class DConfig { const S_NAME = "jeSuisHashtopussy"; const SERVER_LOG_LEVEL = "serverLogLevel"; const ALLOW_DEREGISTER = "allowDeregister"; - + // Section: Multicast const MULTICAST_ENABLE = "multicastEnable"; const MULTICAST_DEVICE = "multicastDevice"; const MULTICAST_TR_ENABLE = "multicastTransferRateEnable"; const MULTICAST_TR = "multicastTranserRate"; - + // Section: Notifications const NOTIFICATIONS_PROXY_ENABLE = "notificationsProxyEnable"; const TELEGRAM_BOT_TOKEN = "telegramBotToken"; const NOTIFICATIONS_PROXY_SERVER = "notificationsProxyServer"; const NOTIFICATIONS_PROXY_PORT = "notificationsProxyPort"; const NOTIFICATIONS_PROXY_TYPE = "notificationsProxyType"; - + static function getConstants() { try { $oClass = new ReflectionClass(__CLASS__); @@ -117,7 +122,7 @@ static function getConstants() { } return $oClass->getConstants(); } - + /** * Gives the selection for the configuration values which are selections. * @param string $config @@ -146,7 +151,7 @@ public static function getSelection($config) { } return new DataSet(["Not found!"]); } - + /** * Gives the format which a config input should have. Default is string if it's not a known config. * @param $config string @@ -275,7 +280,7 @@ public static function getConfigType($config) { } return DConfigType::STRING_INPUT; } - + /** * @param $config string * @return string @@ -316,6 +321,12 @@ public static function getConfigDescription($config) { return "Yubikey Secret Key."; case DConfig::YUBIKEY_URL: return "Yubikey API URL."; + case DConfig::LDAP_SERVER: + return "LDAP Server. ldap://example.com:389, ldaps://example.com:636"; + case DConfig::LDAP_BASEDN: + return "LDAP BaseDN. cn=users,cn=accounts,dc=example,dc=com"; + case DConfig::LDAP_UID: + return "LDAP UID. User identifier. Commonly uid or cn."; case DConfig::BASE_HOST: return "Base hostname/port/protocol to use. Only fill this in to override the auto-determined value."; case DConfig::DONATE_OFF: diff --git a/src/inc/defines/userApi.php b/src/inc/defines/userApi.php index f76455204..2b80d9202 100644 --- a/src/inc/defines/userApi.php +++ b/src/inc/defines/userApi.php @@ -926,6 +926,8 @@ class USectionUser extends UApi { const CREATE_USER = "createUser"; const DISABLE_USER = "disableUser"; const ENABLE_USER = "enableUser"; + const DISABLE_LDAP = "disableLDAP"; + const ENABLE_LDAP = "enableLDAP"; const SET_USER_PASSWORD = "setUserPassword"; const SET_USER_RIGHT_GROUP = "setUserRightGroup"; @@ -941,6 +943,10 @@ public function describe($constant) { return "Disable a user account"; case USectionUser::ENABLE_USER: return "Enable a user account"; + case USectionUser::DISABLE_LDAP: + return "Disable LDAP auth"; + case USectionUser::ENABLE_LDAP: + return "Enable LDAP auth"; case USectionUser::SET_USER_PASSWORD: return "Set a user's password"; case USectionUser::SET_USER_RIGHT_GROUP: diff --git a/src/inc/defines/users.php b/src/inc/defines/users.php index f220b3edf..99eae414b 100644 --- a/src/inc/defines/users.php +++ b/src/inc/defines/users.php @@ -38,6 +38,12 @@ class DUserAction { const DISABLE_USER = "disableUser"; const DISABLE_USER_PERM = DAccessControl::USER_CONFIG_ACCESS; + + const ENABLE_LDAP = "enableLDAP"; + const ENABLE_LDAP_PERM = DAccessControl::USER_CONFIG_ACCESS; + + const DISABLE_LDAP = "disableLDAP"; + const DISABLE_LDAP_PERM = DAccessControl::USER_CONFIG_ACCESS; const SET_RIGHTS = "setRights"; const SET_RIGHTS_PERM = DAccessControl::USER_CONFIG_ACCESS; diff --git a/src/inc/handlers/ConfigHandler.class.php b/src/inc/handlers/ConfigHandler.class.php index 794ac914e..63a970908 100644 --- a/src/inc/handlers/ConfigHandler.class.php +++ b/src/inc/handlers/ConfigHandler.class.php @@ -21,7 +21,7 @@ public function handle($action) { case DConfigAction::RESCAN_FILES: AccessControl::getInstance()->checkPermission(DConfigAction::RESCAN_FILES_PERM); ConfigUtils::scanFiles(); - UI::addMessage(UI::SUCCESS, "File scan was successfull, no actions required!"); + UI::addMessage(UI::SUCCESS, "File scan was successful, no actions required!"); break; case DConfigAction::CLEAR_ALL: AccessControl::getInstance()->checkPermission(DConfigAction::CLEAR_ALL_PERM); diff --git a/src/inc/handlers/UsersHandler.class.php b/src/inc/handlers/UsersHandler.class.php index ec65405bd..a3cdf187a 100644 --- a/src/inc/handlers/UsersHandler.class.php +++ b/src/inc/handlers/UsersHandler.class.php @@ -23,6 +23,16 @@ public function handle($action) { UserUtils::disableUser($_POST['user'], Login::getInstance()->getUser()); UI::addMessage(UI::SUCCESS, "User was disabled successfully!"); break; + case DUserAction::ENABLE_LDAP: + AccessControl::getInstance()->checkPermission(DUserAction::ENABLE_LDAP_PERM); + UserUtils::enableLDAP($_POST['user']); + UI::addMessage(UI::SUCCESS, "LDAP enabled successfully!"); + break; + case DUserAction::DISABLE_LDAP: + AccessControl::getInstance()->checkPermission(DUserAction::DISABLE_LDAP_PERM); + UserUtils::disableLDAP($_POST['user'], Login::getInstance()->getUser()); + UI::addMessage(UI::SUCCESS, "LDAP was disabled successfully!"); + break; case DUserAction::SET_RIGHTS: AccessControl::getInstance()->checkPermission(DUserAction::SET_RIGHTS_PERM); UserUtils::setRights($_POST['user'], $_POST['group'], Login::getInstance()->getUser()); diff --git a/src/inc/user-api/UserAPIUser.class.php b/src/inc/user-api/UserAPIUser.class.php index 3d582f5cf..7024def53 100644 --- a/src/inc/user-api/UserAPIUser.class.php +++ b/src/inc/user-api/UserAPIUser.class.php @@ -19,6 +19,12 @@ public function execute($QUERY = array()) { case USectionUser::ENABLE_USER: $this->enableUser($QUERY); break; + case USectionUser::DISABLE_LDAP: + $this->disableLDAP($QUERY); + break; + case USectionUser::ENABLE_LDAP: + $this->enableLDAP($QUERY); + break; case USectionUser::SET_USER_PASSWORD: $this->setUserPassword($QUERY); break; @@ -82,6 +88,30 @@ private function disableUser($QUERY) { $this->sendSuccessResponse($QUERY); } + /** + * @param array $QUERY + * @throws HTException + */ + private function enableLDAP($QUERY) { + if (!isset($QUERY[UQueryUser::USER_ID])) { + throw new HTException("Invalid query!"); + } + UserUtils::enableLDAP($QUERY[UQueryUser::USER_ID]); + $this->sendSuccessResponse($QUERY); + } + + /** + * @param array $QUERY + * @throws HTException + */ + private function disableLDAP($QUERY) { + if (!isset($QUERY[UQueryUser::USER_ID])) { + throw new HTException("Invalid query!"); + } + UserUtils::disableLDAP($QUERY[UQueryUser::USER_ID], $this->user); + $this->sendSuccessResponse($QUERY); + } + /** * @param array $QUERY * @throws HTException diff --git a/src/inc/utils/UserUtils.class.php b/src/inc/utils/UserUtils.class.php index 94357f526..6a9879740 100644 --- a/src/inc/utils/UserUtils.class.php +++ b/src/inc/utils/UserUtils.class.php @@ -73,7 +73,26 @@ public static function disableUser($userId, $adminUser) { Factory::getSessionFactory()->massUpdate([Factory::FILTER => $qF, Factory::UPDATE => $uS]); Factory::getUserFactory()->set($user, User::IS_VALID, 0); } + + /** + * @param int $userId + * @throws HTException + */ + public static function enableLDAP($userId) { + $user = UserUtils::getUser($userId); + Factory::getUserFactory()->set($user, User::IS_LDAP, 1); + } + + /** + * @param int $userId + * @throws HTException + */ + public static function disableLDAP($userId) { + $user = UserUtils::getUser($userId); + Factory::getUserFactory()->set($user, User::IS_LDAP, 0); + } + /** * @param int $userId * @param int $groupId @@ -134,7 +153,7 @@ public static function createUser($username, $email, $rightGroupId, $adminUser) $newPass = Util::randomString(10); $newSalt = Util::randomString(20); $newHash = Encryption::passwordHash($newPass, $newSalt); - $user = new User(null, $username, $email, $newHash, $newSalt, 1, 1, 0, time(), 3600, $group->getId(), 0, "", "", "", ""); + $user = new User(null, $username, $email, $newHash, $newSalt, 1, 0,1, 0, time(), 3600, $group->getId(), 0, "", "", "", ""); Factory::getUserFactory()->save($user); // add user to default group diff --git a/src/install/.htaccess b/src/install/.htaccess new file mode 100644 index 000000000..896fbc5a3 --- /dev/null +++ b/src/install/.htaccess @@ -0,0 +1,2 @@ +Order deny,allow +Deny from all \ No newline at end of file diff --git a/src/install/hashtopolis.sql b/src/install/hashtopolis.sql index 1b357b357..c55a3f9da 100644 --- a/src/install/hashtopolis.sql +++ b/src/install/hashtopolis.sql @@ -170,7 +170,11 @@ INSERT INTO `Config` (`configId`, `configSectionId`, `item`, `value`) VALUES (74, 4, 'agentUtilThreshold1', '90'), (75, 4, 'agentUtilThreshold2', '75'), (76, 3, 'uApiSendTaskIsComplete', '0'), - (77, 1, 'hcErrorIgnore', 'DeviceGetFanSpeed'); + (77, 1, 'hcErrorIgnore', 'DeviceGetFanSpeed'), + (78, 8, 'ldap_server', ''), + (79, 8, 'ldap_basedn', ''), + (80, 8, 'ldap_uid', ''); + CREATE TABLE `ConfigSection` ( `configSectionId` INT(11) NOT NULL, @@ -184,7 +188,8 @@ INSERT INTO `ConfigSection` (`configSectionId`, `sectionName`) VALUES (4, 'UI'), (5, 'Server'), (6, 'Multicast'), - (7, 'Notifications'); + (7, 'Notifications'), + (8, 'LDAP'); CREATE TABLE `CrackerBinary` ( `crackerBinaryId` INT(11) NOT NULL, @@ -880,7 +885,7 @@ CREATE TABLE `TaskDebugOutput` ( `taskId` INT(11) NOT NULL, `output` VARCHAR(256) NOT NULL ) ENGINE=InnoDB; - + CREATE TABLE `TaskWrapper` ( `taskWrapperId` INT(11) NOT NULL, `priority` INT(11) NOT NULL, @@ -899,6 +904,7 @@ CREATE TABLE `User` ( `passwordHash` VARCHAR(256) NOT NULL, `passwordSalt` VARCHAR(256) NOT NULL, `isValid` TINYINT(4) NOT NULL, + `isLDAP` TINYINT(4) NOT NULL DEFAULT 0, `isComputedPassword` TINYINT(4) NOT NULL, `lastLoginDate` BIGINT NOT NULL, `registeredSince` BIGINT NOT NULL, @@ -1089,10 +1095,10 @@ ALTER TABLE `HashlistHashlist` ALTER TABLE `HashType` ADD PRIMARY KEY (`hashTypeId`); -ALTER TABLE `HealthCheck` +ALTER TABLE `HealthCheck` ADD PRIMARY KEY (`healthCheckId`); -ALTER TABLE `HealthCheckAgent` +ALTER TABLE `HealthCheckAgent` ADD PRIMARY KEY (`healthCheckAgentId`); ALTER TABLE `LogEntry` @@ -1237,10 +1243,10 @@ ALTER TABLE `Hashlist` ALTER TABLE `HashlistHashlist` MODIFY `hashlistHashlistId` INT(11) NOT NULL AUTO_INCREMENT; -ALTER TABLE `HealthCheck` +ALTER TABLE `HealthCheck` MODIFY `healthCheckId` INT(11) NOT NULL AUTO_INCREMENT; -ALTER TABLE `HealthCheckAgent` +ALTER TABLE `HealthCheckAgent` MODIFY `healthCheckAgentId` INT(11) NOT NULL AUTO_INCREMENT; ALTER TABLE `LogEntry` diff --git a/src/install/index.php b/src/install/index.php index 707417330..fa1d6c3e5 100755 --- a/src/install/index.php +++ b/src/install/index.php @@ -180,7 +180,7 @@ $group = $group[0]; $newSalt = Util::randomString(20); $newHash = Encryption::passwordHash($password, $newSalt); - $user = new User(null, $username, $email, $newHash, $newSalt, 1, 1, 0, time(), 3600, $group->getId(), 0, "", "", "", ""); + $user = new User(null, $username, $email, $newHash, $newSalt, 1, 0, 1, 0, time(), 3600, $group->getId(), 0, "", "", "", ""); Factory::getUserFactory()->save($user); // create default group diff --git a/src/templates/account.template.html b/src/templates/account.template.html index 18128050f..4fed64871 100755 --- a/src/templates/account.template.html +++ b/src/templates/account.template.html @@ -39,6 +39,7 @@

My Account ([[htmlentities([[user.getUsername()]], ENT_QUOTES, "UTF-8")]]) + {{IF [[user.getIsLDAP()]] == 0}} Password @@ -52,6 +53,7 @@

My Account ([[htmlentities([[user.getUsername()]], ENT_QUOTES, "UTF-8")]]) + {{ENDIF}} diff --git a/src/templates/config.template.html b/src/templates/config.template.html index eeaaa1320..8b0569f4c 100755 --- a/src/templates/config.template.html +++ b/src/templates/config.template.html @@ -12,6 +12,7 @@

Server configuration

+ diff --git a/src/templates/users/detail.template.html b/src/templates/users/detail.template.html index 17ebf4c7c..9b89d7294 100755 --- a/src/templates/users/detail.template.html +++ b/src/templates/users/detail.template.html @@ -57,6 +57,28 @@

User ([[htmlentities([[user.getUsername()]], ENT_QUOTES, "UTF-8")]])

{{ENDIF}} + + + Enable/Disable LDAP + + {{IF [[user.getIsLDAP()]] == 1}} + LDAP is currently enabled +
+ + + + +
+ {{ELSE}} + LDAP is currently disabled +
+ + + + +
+ {{ENDIF}} + Set users right group @@ -100,4 +122,4 @@

User ([[htmlentities([[user.getUsername()]], ENT_QUOTES, "UTF-8")]])

-{%TEMPLATE->struct/foot%} +{%TEMPLATE->struct/foot%} \ No newline at end of file diff --git a/src/templates/users/index.template.html b/src/templates/users/index.template.html index ec74b75ce..6da7cce85 100755 --- a/src/templates/users/index.template.html +++ b/src/templates/users/index.template.html @@ -12,6 +12,7 @@

All users ([[numUsers]])

Last login Email Validity + Auth Type Session lifetime Right group Action @@ -30,6 +31,13 @@

All users ([[numUsers]])

Invalid/Not activated {{ENDIF}} + + {{IF [[entry.getVal('user').getIsLDAP()]] == 1}} + LDAP + {{ELSE}} + Local + {{ENDIF}} + [[entry.getVal('user').getSessionLifetime()]] [[entry.getVal('group').getGroupName()]] @@ -40,4 +48,4 @@

All users ([[numUsers]])

-{%TEMPLATE->struct/foot%} +{%TEMPLATE->struct/foot%} \ No newline at end of file