diff --git a/www/class/centreon-clapi/centreonAPI.class.php b/www/class/centreon-clapi/centreonAPI.class.php index 89844631e99..dd4cbadda48 100644 --- a/www/class/centreon-clapi/centreonAPI.class.php +++ b/www/class/centreon-clapi/centreonAPI.class.php @@ -594,7 +594,7 @@ public function checkUser($useSha1 = false, $isWorker = false) $row, $row['ar_id'] ); - if ($centreonAuth->checkPassword() == 1) { + if ($centreonAuth->checkPassword() == \CentreonAuth::PASSWORD_VALID) { \CentreonClapi\CentreonUtils::setUserId($row['contact_id']); return 1; } diff --git a/www/class/centreonAuth.LDAP.class.php b/www/class/centreonAuth.LDAP.class.php index a51cbe8c260..3006d15eff9 100644 --- a/www/class/centreonAuth.LDAP.class.php +++ b/www/class/centreonAuth.LDAP.class.php @@ -33,7 +33,8 @@ * */ -require_once _CENTREON_PATH_ . 'www/class/centreonLDAP.class.php'; +require_once __DIR__ . '/centreonAuth.class.php'; +require_once __DIR__ . '/centreonLDAP.class.php'; /** * Class for Ldap authentication @@ -91,8 +92,6 @@ public function __construct($pearDB, $CentreonLog, $login, $password, $contactIn */ private function getLogFlag() { - global $pearDB; - $res = $this->pearDB->query("SELECT value FROM options WHERE `key` = 'debug_ldap_import'"); $data = $res->fetch(); if (isset($data["value"])) { 
@@ -107,34 +106,39 @@ private function getLogFlag() */ public function checkPassword() { - if (!isset($this->contactInfos['contact_ldap_dn']) || $this->contactInfos['contact_ldap_dn'] == '') { + if (empty(trim($this->contactInfos['contact_ldap_dn']))) { $this->contactInfos['contact_ldap_dn'] = $this->ldap->findUserDn($this->contactInfos['contact_alias']); - - /* Validate if user exists in this resource */ } elseif ( - isset($this->contactInfos['contact_ldap_dn']) - && $this->contactInfos['contact_ldap_dn'] != '' - && $this->ldap->findUserDn($this->contactInfos['contact_alias']) !== $this->contactInfos['contact_ldap_dn'] - ) { - if ($this->ldap->connect()) { + ($userDn = $this->ldap->findUserDn($this->contactInfos['contact_alias'])) + && $userDn !== $this->contactInfos['contact_ldap_dn'] + ) { // validate if user exists in this resource + if (! $userDn) { //User resource error - return 0; + return CentreonAuth::PASSWORD_INVALID; } else { //LDAP fallback - return 2; + return CentreonAuth::PASSWORD_CANNOT_BE_VERIFIED; } } - /* - * LDAP BIND - */ - if (!isset($this->contactInfos['contact_ldap_dn']) || trim($this->contactInfos['contact_ldap_dn']) == '') { - return 2; + if (empty(trim($this->contactInfos['contact_ldap_dn']))) { + return CentreonAuth::PASSWORD_CANNOT_BE_VERIFIED; } - @ldap_bind($this->ds, $this->contactInfos['contact_ldap_dn'], $this->typePassword); + if ($this->debug) { - $this->CentreonLog->insertLog(3, "Connexion = " . $this->contactInfos['contact_ldap_dn'] . " :: " . - ldap_error($this->ds)); + $this->CentreonLog->insertLog( + 3, + 'LDAP AUTH : ' . $this->contactInfos['contact_ldap_dn'] . ' :: Authentication in progress' + ); + } + + @ldap_bind($this->ds, $this->contactInfos['contact_ldap_dn'], $this->typePassword); + + if (empty($this->ds)) { + if ($this->debug) { + $this->CentreonLog->insertLog(3, "DS empty"); + } + return CentreonAuth::PASSWORD_CANNOT_BE_VERIFIED; } /* 
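Review bot: The `if (! $userDn)` branch inside the new `elseif` is unreachable, because the `elseif` condition already requires `$userDn` to be truthy, so the "User resource error" path returning `PASSWORD_INVALID` can never run; when `findUserDn()` returns false for a contact that already has a stored DN, control now falls through and binds with the stored DN instead of taking the error branch the removed code had. `empty(trim($this->contactInfos['contact_ldap_dn']))` also drops the `isset` guard of the removed condition, so a contact row without that key emits an undefined-array-key warning and `trim(null)` is deprecated from PHP 8.1 (the file already uses `str_starts_with`, so PHP 8 is assumed); `trim($this->contactInfos['contact_ldap_dn'] ?? '') === ''` keeps the old tolerance. The new `empty($this->ds)` check sits after `@ldap_bind()`, but passing a non-connection to `ldap_bind()` on PHP 8 throws a `TypeError` that `@` does not suppress, so the guard belongs before the bind. checkPassword continues past this hunk into the `ldap_errno()` switch of the next one.
```php
    public function checkPassword()
    {
        $storedDn = trim($this->contactInfos['contact_ldap_dn'] ?? '');
        if ($storedDn === '') {
            $this->contactInfos['contact_ldap_dn'] = $this->ldap->findUserDn($this->contactInfos['contact_alias']);
        } else {
            $userDn = $this->ldap->findUserDn($this->contactInfos['contact_alias']);
            if (! $userDn) {
                // not found in this resource: the removed code told "server reachable" (invalid)
                // apart from "server unreachable" (let the caller fall back) via connect()
                return $this->ldap->connect()
                    ? CentreonAuth::PASSWORD_INVALID
                    : CentreonAuth::PASSWORD_CANNOT_BE_VERIFIED;
            }
            if ($userDn !== $storedDn) { // DN belongs to another resource: let the caller fall back
                return CentreonAuth::PASSWORD_CANNOT_BE_VERIFIED;
            }
        }
        // … unchanged: empty-DN guard and "Authentication in progress" debug log …
        if (empty($this->ds)) {
            // … unchanged: "DS empty" debug log …
            return CentreonAuth::PASSWORD_CANNOT_BE_VERIFIED;
        }
        @ldap_bind($this->ds, $this->contactInfos['contact_ldap_dn'], $this->typePassword);
        // … unchanged: ldap_errno() switch (next hunk) …
```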
@@ -146,54 +150,29 @@ public function checkPassword() * 52 : Server is unavailable => Fallback * 81 : Can't contact LDAP server (php5) => Fallback */ - if (isset($this->ds) && $this->ds) { - switch (ldap_errno($this->ds)) { - case 0: - if ($this->debug) { - $this->CentreonLog->insertLog(3, "LDAP AUTH : OK, let's go ! "); - } - if (false == $this->updateUserDn()) { - return 0; - } - return 1; - break; - case 2: - if ($this->debug) { - $this->CentreonLog->insertLog(3, "LDAP AUTH : Protocol Error "); - } - return 2; - break; - case -1: - case 51: - if ($this->debug) { - $this->CentreonLog->insertLog(3, "LDAP AUTH : Error, Server Busy. Try later"); - } - return -1; - break; - case 52: - if ($this->debug) { - $this->CentreonLog->insertLog(3, "LDAP AUTH : Error, Server unavailable. Try later"); - } - return -1; - break; - case 81: - if ($this->debug) { - $this->CentreonLog->insertLog(3, "LDAP AUTH : Error, Fallback to Local AUTH"); - } - return 2; - break; - default: - if ($this->debug) { - $this->CentreonLog->insertLog(3, "LDAP AUTH : LDAP don't like you, sorry"); - } - return 0; - break; - } - } else { - if ($this->debug) { - $this->CentreonLog->insertLog(3, "DS empty"); - } - return 0; /* 2 ?? */ + switch (ldap_errno($this->ds)) { + case 0: + if ($this->debug) { + $this->CentreonLog->insertLog(3, "LDAP AUTH : Success"); + } + if (false == $this->updateUserDn()) { + return CentreonAuth::PASSWORD_INVALID; + } + return CentreonAuth::PASSWORD_VALID; + case -1: + case 2: // protocol error + case 51: // busy + case 52: // unavailable + case 81: // server down + if ($this->debug) { + $this->CentreonLog->insertLog(3, "LDAP AUTH : " . ldap_error($this->ds)); + } + return CentreonAuth::PASSWORD_CANNOT_BE_VERIFIED; + default: + if ($this->debug) { + $this->CentreonLog->insertLog(3, "LDAP AUTH : " . ldap_error($this->ds)); + } + return CentreonAuth::PASSWORD_INVALID; } } 
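Review bot: `false == $this->updateUserDn()` in `case 0` is a loose comparison; `updateUserDn()` returns booleans in this same diff, so `$this->updateUserDn() === false` states the intent and cannot later be satisfied by `0`, `''` or `null`. The debug `insertLog(3, "LDAP AUTH : " . ldap_error($this->ds))` is duplicated verbatim in the fallback group and in `default`; emitting it once before the `switch` whenever `ldap_errno()` is non-zero removes the repetition. Since the arms now differ only by the constant returned, a one-line comment on `default` such as `// any other code, including LDAP_INVALID_CREDENTIALS (49), is a rejected login, not a fallback` would help the next reader.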
@@ -260,24 +239,26 @@ public function updateUserDn() * Searching if the user already exist in the DB and updating OR adding him */ if (isset($this->contactInfos['contact_id'])) { - $stmt = $this->pearDB->prepare( - 'UPDATE contact SET - contact_ldap_dn = :userDn, - contact_name = :userDisplay, - contact_email = :userEmail, - contact_pager = :userPager, - ar_id = :arId - WHERE contact_id = :contactId' - ); try { // checking if the LDAP synchronization on login is enabled or needed - if ( - !$this->ldap->isSyncNeededAtLogin($this->arId, $this->contactInfos['contact_id']) - ) { + if (!$this->ldap->isSyncNeededAtLogin($this->arId, $this->contactInfos['contact_id'])) { // skipping the update return true; } - // Updating the user DN and extended information + + $this->CentreonLog->insertLog( + 3, + 'LDAP AUTH : Updating user DN of ' . $userDisplay + ); + $stmt = $this->pearDB->prepare( + 'UPDATE contact SET + contact_ldap_dn = :userDn, + contact_name = :userDisplay, + contact_email = :userEmail, + contact_pager = :userPager, + ar_id = :arId + WHERE contact_id = :contactId' + ); $stmt->bindValue(':userDn', $userDn, \PDO::PARAM_STR); $stmt->bindValue(':userDisplay', $userDisplay, \PDO::PARAM_STR); $stmt->bindValue(':userEmail', $userEmail, \PDO::PARAM_STR); diff --git a/www/class/centreonAuth.class.php b/www/class/centreonAuth.class.php index e05ca3ce06f..05535968d55 100644 --- a/www/class/centreonAuth.class.php +++ b/www/class/centreonAuth.class.php @@ -35,6 +35,7 @@ */ require_once __DIR__ . '/centreonContact.class.php'; +require_once __DIR__ . '/centreonAuth.LDAP.class.php'; class CentreonAuth { 
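Review bot: The new `insertLog(3, 'LDAP AUTH : Updating user DN of ' . $userDisplay)` is written unconditionally, whereas every other level-3 message in `checkPassword()` of this class is wrapped in `if ($this->debug)`; it replaces a log removed from `isSyncNeededAtLogin()` elsewhere in this diff, which was also unconditional, so if that is deliberate a short comment saying so would stop the next reader from "fixing" it, otherwise gate it the same way. `$userDisplay` is assigned outside the hunk, so whether it can be empty here cannot be confirmed from this view; updateUserDn starts and ends outside the hunk.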
@@ -49,10 +50,15 @@ class CentreonAuth public const PASSWORD_HASH_ALGORITHM = PASSWORD_BCRYPT; + public const PASSWORD_VALID = 1; + public const PASSWORD_INVALID = 0; + public const PASSWORD_CANNOT_BE_VERIFIED = -1; + public const ENCRYPT_MD5 = 1; public const ENCRYPT_SHA1 = 2; public const AUTH_TYPE_LOCAL = 'local'; + public const AUTH_TYPE_LDAP = 'ldap'; // Declare Values public $userInfos; @@ -63,7 +69,12 @@ class CentreonAuth protected $cryptEngine; protected $autologin; protected $cryptPossibilities; + + /** + * @var CentreonDB + */ protected $pearDB; + protected $debug; protected $dependencyInjector; 
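Review bot: The three new `PASSWORD_*` constants are the contract between `CentreonAuth`, `CentreonAuthLDAP` and the CLAPI caller touched in this diff, but carry no documentation; `PASSWORD_CANNOT_BE_VERIFIED = -1` in particular changes meaning relative to the raw values the LDAP class used to return (`2` for fallback, `-1` for a busy server). Suggested docblocks: `/** Credentials verified */`, `/** Credentials rejected; no further check */` and `/** The backend gave no answer (LDAP unreachable, DN owned by another resource); the caller may fall back to the local password */`. `protected $debug;` is added without a type while the neighbouring `$pearDB` gets `@var CentreonDB`; `/** @var bool */` would be consistent, assuming `getLogFlag()` stores a boolean there — confirm.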
@@ -157,158 +168,170 @@ protected function getLogFlag() */ protected function checkPassword($password, $token = "", $autoImport = false) { - if ((strlen($password) == 0 || $password === "") && $token === "") { - $this->passwdOk = 0; + if (empty($password) && empty($token)) { + $this->passwdOk = self::PASSWORD_INVALID; return; } - if ($this->userInfos["contact_auth_type"] == "ldap" && $this->autologin == 0) { - /* - * Insert LDAP Class - */ - include_once(_CENTREON_PATH_ . "/www/class/centreonAuth.LDAP.class.php"); - - $query = "SELECT ar_id FROM auth_ressource WHERE ar_enable = '1'"; - $res = $this->pearDB->query($query); - $authResources = array(); - while ($row = $res->fetch()) { - $index = $row['ar_id']; - if (isset($this->userInfos['ar_id']) && $this->userInfos['ar_id'] == $row['ar_id']) { - $index = 0; - } - $authResources[$index] = $row['ar_id']; + + if ($this->autologin) { + $this->checkAutologinKey($password, $token); + return; + } + + if ($this->userInfos["contact_auth_type"] === self::AUTH_TYPE_LDAP) { + $this->checkLdapPassword($password, $autoImport); + return; + } + + if ( + empty($this->userInfos["contact_auth_type"]) + || $this->userInfos["contact_auth_type"] === self::AUTH_TYPE_LOCAL + ) { + $this->checkLocalPassword($password); + return; + } + + $this->passwdOk = self::PASSWORD_INVALID; + } + + /** + * Check autologin key + * + * @param string $password + * @param string $token + */ + private function checkAutologinKey($password, $token): void + { + if ( + !empty($this->userInfos["contact_autologin_key"]) + && $this->userInfos["contact_autologin_key"] === $token + ) { + $this->passwdOk = self::PASSWORD_VALID; + } elseif ( + !empty($password) + && $this->userInfos["contact_passwd"] === $password + ) { + $this->passwdOk = self::PASSWORD_VALID; + } else { + $this->passwdOk = self::PASSWORD_INVALID; + } + } + + /** + * Check ldap user password + * + * @param string $password + * @param bool $autoImport + */ + private function 
checkLdapPassword($password, $autoImport): void + { + $res = $this->pearDB->query("SELECT ar_id FROM auth_ressource WHERE ar_enable = '1'"); + $authResources = []; + while ($row = $res->fetch()) { + $index = $row['ar_id']; + if (isset($this->userInfos['ar_id']) && $this->userInfos['ar_id'] == $row['ar_id']) { + $index = 0; } + $authResources[$index] = $row['ar_id']; + } - foreach ($authResources as $arId) { - if ($autoImport && !isset($this->ldap_auto_import[$arId])) { - break; - } - if ($this->passwdOk == 1) { - break; - } - $authLDAP = new CentreonAuthLDAP( - $this->pearDB, - $this->CentreonLog, - $this->login, - $this->password, - $this->userInfos, - $arId - ); - $this->passwdOk = $authLDAP->checkPassword(); - if ($this->passwdOk == -1) { - $this->passwdOk = 0; - if ( - isset($this->userInfos["contact_passwd"]) - && password_verify($this->password, $this->userInfos["contact_passwd"]) - ) { - $this->passwdOk = 1; - if (isset($this->ldap_store_password[$arId]) && $this->ldap_store_password[$arId]) { - $hashedPassword = password_hash($this->password, self::PASSWORD_HASH_ALGORITHM); - $contact = new \CentreonContact($this->pearDB); - $contact->addPasswordByContactId( - (int) $this->userInfos['contact_id'], + foreach ($authResources as $arId) { + if ($autoImport && !isset($this->ldap_auto_import[$arId])) { + break; + } + if ($this->passwdOk == self::PASSWORD_VALID) { + break; + } + $authLDAP = new CentreonAuthLDAP( + $this->pearDB, + $this->CentreonLog, + $this->login, + $this->password, + $this->userInfos, + $arId + ); + $this->passwdOk = $authLDAP->checkPassword(); + + if ($this->passwdOk == self::PASSWORD_VALID) { + if (isset($this->ldap_store_password[$arId]) && $this->ldap_store_password[$arId]) { + if (!isset($this->userInfos["contact_passwd"])) { + $hashedPassword = password_hash($this->password, self::PASSWORD_HASH_ALGORITHM); + $contact = new \CentreonContact($this->pearDB); + $contactId = $contact->findContactIdByAlias($this->login); + if ($contactId !== 
null) { + $contact->addPasswordByContactId($contactId, $hashedPassword); + } + // Update password if LDAP authentication is valid but password not up to date in Centreon. + } elseif (!password_verify($this->password, $this->userInfos["contact_passwd"])) { + $hashedPassword = password_hash($this->password, self::PASSWORD_HASH_ALGORITHM); + $contact = new \CentreonContact($this->pearDB); + $contactId = $contact->findContactIdByAlias($this->login); + if ($contactId !== null) { + $contact->replacePasswordByContactId( + $contactId, + $this->userInfos["contact_passwd"], $hashedPassword ); } } - } elseif ($this->passwdOk == 1) { - if (isset($this->ldap_store_password[$arId]) && $this->ldap_store_password[$arId]) { - if (!isset($this->userInfos["contact_passwd"])) { - $hashedPassword = password_hash($this->password, self::PASSWORD_HASH_ALGORITHM); - $contact = new \CentreonContact($this->pearDB); - $contactId = $contact->findContactIdByAlias($this->login); - if ($contactId !== null) { - $contact->addPasswordByContactId($contactId, $hashedPassword); - } - // Update password if LDAP authentication is valid but password not up to date in Centreon. 
- } elseif (!password_verify($this->password, $this->userInfos["contact_passwd"])) { - $hashedPassword = password_hash($this->password, self::PASSWORD_HASH_ALGORITHM); - $contact = new \CentreonContact($this->pearDB); - $contactId = $contact->findContactIdByAlias($this->login); - if ($contactId !== null) { - $contact->replacePasswordByContactId( - $contactId, - $this->userInfos["contact_passwd"], - $hashedPassword - ); - } - } - } } - } - } elseif ( - $this->userInfos["contact_auth_type"] == "" - || $this->userInfos["contact_auth_type"] === self::AUTH_TYPE_LOCAL - || $this->autologin - ) { - if ( - $this->autologin - && $this->userInfos["contact_autologin_key"] - && $this->userInfos["contact_autologin_key"] === $token - ) { - $this->passwdOk = 1; - } elseif ( - !empty($password) - && $this->userInfos["contact_passwd"] === $password - && $this->autologin - ) { - $this->passwdOk = 1; - - // Update password from md5 to bcrypt if old md5 password is valid. - } elseif ( - !empty($password) - && (str_starts_with($this->userInfos["contact_passwd"], 'md5__') - && $this->userInfos["contact_passwd"] === $this->myCrypt($password) - || 'md5__' . 
$this->userInfos["contact_passwd"] === $this->myCrypt($password)) - ) { - $newPassword = password_hash($password, self::PASSWORD_HASH_ALGORITHM); - $statement = $this->pearDB->prepare( - "UPDATE `contact_password` SET password = :newPassword - WHERE password = :oldPassword AND contact_id = :contactId" - ); - $statement->bindValue(':newPassword', $newPassword, \PDO::PARAM_STR); - $statement->bindValue(':oldPassword', $this->userInfos["contact_passwd"], \PDO::PARAM_STR); - $statement->bindValue(':contactId', $this->userInfos["contact_id"], \PDO::PARAM_INT); - $statement->execute(); - $this->passwdOk = 1; - } elseif ( - !empty($password) - && password_verify($password, $this->userInfos["contact_passwd"]) - && $this->autologin == 0 - ) { - $this->passwdOk = 1; - } else { - $this->passwdOk = 0; + break; } } - /** - * LDAP - fallback - */ - if ($this->passwdOk == 2) { + if ($this->passwdOk == self::PASSWORD_CANNOT_BE_VERIFIED) { if ( - $this->autologin && $this->userInfos["contact_autologin_key"] - && $this->userInfos["contact_autologin_key"] === $token - ) { - $this->passwdOk = 1; - } elseif ( - !empty($password) - && isset($this->userInfos["contact_passwd"]) - && $this->userInfos["contact_passwd"] === $password && $this->autologin - ) { - $this->passwdOk = 1; - } elseif ( !empty($password) - && isset($this->userInfos["contact_passwd"]) + && !empty($this->userInfos["contact_passwd"]) && password_verify($password, $this->userInfos["contact_passwd"]) - && $this->autologin == 0 ) { - $this->passwdOk = 1; + $this->passwdOk = self::PASSWORD_VALID; } else { - $this->passwdOk = 0; + $this->passwdOk = self::PASSWORD_INVALID; } } } + /** + * Check local user password + * + * @param string $password + */ + private function checkLocalPassword($password) + { + if (empty($password)) { + $this->passwdOk = self::PASSWORD_INVALID; + return; + } + + if (password_verify($password, $this->userInfos["contact_passwd"])) { + $this->passwdOk = self::PASSWORD_VALID; + return; + } + + if ( + ( 
+ str_starts_with($this->userInfos["contact_passwd"], 'md5__') + && $this->userInfos["contact_passwd"] === $this->myCrypt($password) + ) + || 'md5__' . $this->userInfos["contact_passwd"] === $this->myCrypt($password) + ) { + $newPassword = password_hash($password, self::PASSWORD_HASH_ALGORITHM); + $statement = $this->pearDB->prepare( + "UPDATE `contact_password` SET password = :newPassword + WHERE password = :oldPassword AND contact_id = :contactId" + ); + $statement->bindValue(':newPassword', $newPassword, \PDO::PARAM_STR); + $statement->bindValue(':oldPassword', $this->userInfos["contact_passwd"], \PDO::PARAM_STR); + $statement->bindValue(':contactId', $this->userInfos["contact_id"], \PDO::PARAM_INT); + $statement->execute(); + $this->passwdOk = self::PASSWORD_VALID; + return; + } + + $this->passwdOk = self::PASSWORD_INVALID; + } + /** * Check user password * @@ -355,7 +378,7 @@ protected function checkUser($username, $password, $token) */ $this->getCryptFunction(); $this->checkPassword($password, $token); - if ($this->passwdOk == 1) { + if ($this->passwdOk == self::PASSWORD_VALID) { $this->CentreonLog->setUID($this->userInfos["contact_id"]); $this->CentreonLog->insertLog( CentreonUserLog::TYPE_LOGIN, 
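Review bot: `checkLdapPassword()` hands `$this->password` to `CentreonAuthLDAP` without checking that it is non-empty, while the entry guard in `checkPassword()` only rejects when both `$password` and `$token` are empty; if a caller can supply a token while autologin is off, the request reaches `ldap_bind()` with an empty credential, which directory servers treat as an unauthenticated bind and may accept (RFC 4513 §5.1.2), after which `PASSWORD_VALID` is stored. Mirror `checkLocalPassword()` and open the helper with `if (empty($password)) { $this->passwdOk = self::PASSWORD_INVALID; return; }`. The helper also mixes `$this->password` (the `new CentreonAuthLDAP(...)` call and the `password_hash`/`password_verify` calls) with the `$password` parameter (the fallback branch); use one so the value verified against LDAP is the same one later hashed and stored. `checkLocalPassword()` lacks the `: void` return type its two sibling helpers declare and reads `$this->userInfos["contact_passwd"]` with no `isset`, unlike the fallback branch, and the retained md5 upgrade still compares digests with `===` where `hash_equals()` is the conventional choice. `checkUser()` continues past this hunk.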
@@ -363,20 +386,18 @@ protected function checkUser($username, $password, $token) . "Authentication succeeded for '" . $username . "'" ); } else { - // Take care before modifying this message pattern as it may break tools such as fail2ban - $this->CentreonLog->insertLog( - CentreonUserLog::TYPE_LOGIN, - "[" . self::AUTH_TYPE_LOCAL . "] [" . $_SERVER["REMOTE_ADDR"] . "] " - . "Authentication failed for '" . $username . "'" + $this->setAuthenticationError( + $this->userInfos['contact_auth_type'], + $username, + 'invalid credentials' ); - $this->error = _('Your credentials are incorrect.'); } } elseif (count($this->ldap_auto_import)) { /* * Add temporary userinfo auth_type */ $this->userInfos['contact_alias'] = $username; - $this->userInfos['contact_auth_type'] = "ldap"; + $this->userInfos['contact_auth_type'] = self::AUTH_TYPE_LDAP; $this->userInfos['contact_email'] = ''; $this->userInfos['contact_pager'] = ''; $this->checkPassword($password, "", true); @@ -403,17 +424,11 @@ protected function checkUser($username, $password, $token) $this->userInfos["default_page"] .= $data["topology_url_opt"]; } } + } else { + $this->setAuthenticationError(self::AUTH_TYPE_LDAP, $username, 'not found'); } } else { - if (strlen($username) > 0) { - // Take care before modifying this message pattern as it may break tools such as fail2ban - $this->CentreonLog->insertLog( - CentreonUserLog::TYPE_LOGIN, - "[" . self::AUTH_TYPE_LOCAL . "] [" . $_SERVER["REMOTE_ADDR"] . "] " - . "Authentication failed for '" . $username . "' : not found" - ); - } - $this->error = _('Your credentials are incorrect.'); + $this->setAuthenticationError(self::AUTH_TYPE_LOCAL, $username, 'not found'); } } 
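Review bot: `setAuthenticationError($this->userInfos['contact_auth_type'], ...)` on the failed-password path now puts the contact's raw auth type into the `[...]` tag that the removed code hard-wired to `[local]`; for contacts whose `contact_auth_type` is `''` (which `checkPassword()` treats as local) the line becomes `[] [<addr>] Authentication failed ...`, and for LDAP contacts the tag changes to `[ldap]`. The comment kept in the helper warns that this pattern is consumed by fail2ban, so either pass `$this->userInfos['contact_auth_type'] ?: self::AUTH_TYPE_LOCAL` or confirm that the shipped fail2ban filter matches both tags. checkUser starts before the first of these two hunks.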
@@ -486,4 +501,25 @@ protected function getAuthType()
 {
 return $this->authType;
 }
+
+ /**
+ * Set authentication error and log it
+ *
+ * @param string $authenticationType
+ * @param string|bool $username
+ * @param string $reason
+ */
+ private function setAuthenticationError(string $authenticationType, $username, string $reason): void
+ {
+ if (is_string($username) && strlen($username) > 0) {
+ // Take care before modifying this message pattern as it may break tools such as fail2ban
+ $this->CentreonLog->insertLog(
+ CentreonUserLog::TYPE_LOGIN,
+ "[" . $authenticationType . "] [" . $_SERVER["REMOTE_ADDR"] . "] "
+ . "Authentication failed for '" . $username . "' : " . $reason
+ );
+ }
+
+ $this->error = _('Your credentials are incorrect.');
+ }
 }
diff --git a/www/class/centreonContactgroup.class.php b/www/class/centreonContactgroup.class.php
index 4eab2bd3d4e..9c297811ed3 100644
--- a/www/class/centreonContactgroup.class.php
+++ b/www/class/centreonContactgroup.class.php
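Review bot: `$username` is documented as `string|bool` but left untyped in the signature, and `is_string($username) && strlen($username) > 0` collapses to `$username !== ''` once the parameter is declared `string` (both callers in this diff pass the `$username` received by `checkUser()`; a `false`-passing caller would have to be confirmed before tightening). The username is user-supplied and is interpolated verbatim between the fail2ban-sensitive brackets; since this helper now centralises that line, it is the natural place to strip control characters, e.g. `$username = preg_replace('/[\x00-\x1F\x7F]/', '', $username);` before the `insertLog()` call, so an embedded newline cannot yield a second, forged log line. `$_SERVER["REMOTE_ADDR"]` is read without a `??` default; if this class is ever instantiated outside a web request that becomes a warning and an empty address tag.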
@@ -279,20 +279,27 @@ public function syncWithLdapConfigGen() $msg = array(); $ldapServerConnError = array(); - $cgRes = $this->db->query("SELECT cg.cg_id, cg.cg_name, cg.cg_ldap_dn, cg.ar_id " . - "FROM contactgroup as cg, auth_ressource as ar " . - "WHERE cg.cg_type = 'ldap' AND cg.ar_id = ar.ar_id AND ar.ar_enable = '1' AND (" . - "EXISTS(SELECT 1 FROM contactgroup_host_relation chr WHERE chr.contactgroup_cg_id = cg.cg_id LIMIT 1) " - . " OR " . - "EXISTS(SELECT 1 FROM contactgroup_service_relation csr WHERE csr.contactgroup_cg_id = cg.cg_id LIMIT 1)" - . " OR " . - "EXISTS(SELECT 1 FROM contactgroup_hostgroup_relation chr WHERE chr.contactgroup_cg_id = cg.cg_id LIMIT 1)" - . " OR " . - "EXISTS(SELECT 1 FROM contactgroup_servicegroup_relation csr " . - "WHERE csr.contactgroup_cg_id = cg.cg_id LIMIT 1)" - . " OR " . - "EXISTS(SELECT 1 FROM escalation_contactgroup_relation ecr WHERE ecr.contactgroup_cg_id = cg.cg_id LIMIT 1)" - . ") ORDER BY cg.ar_id"); + $cgRes = $this->db->query( + "SELECT cg.cg_id, cg.cg_name, cg.cg_ldap_dn, cg.ar_id, ar.ar_name + FROM contactgroup as cg, auth_ressource as ar + WHERE cg.cg_type = 'ldap' + AND cg.ar_id = ar.ar_id + AND ar.ar_enable = '1' + AND ( + EXISTS ( + SELECT 1 FROM contactgroup_host_relation chr WHERE chr.contactgroup_cg_id = cg.cg_id LIMIT 1 + ) OR EXISTS ( + SELECT 1 FROM contactgroup_service_relation csr WHERE csr.contactgroup_cg_id = cg.cg_id LIMIT 1 + ) OR EXISTS ( + SELECT 1 FROM contactgroup_hostgroup_relation chr WHERE chr.contactgroup_cg_id = cg.cg_id LIMIT 1 + ) OR EXISTS ( + SELECT 1 FROM contactgroup_servicegroup_relation csr WHERE csr.contactgroup_cg_id = cg.cg_id LIMIT 1 + ) OR EXISTS ( + SELECT 1 FROM escalation_contactgroup_relation ecr WHERE ecr.contactgroup_cg_id = cg.cg_id LIMIT 1 + ) + ) + ORDER BY cg.ar_id" + ); $currentLdapId = 0; // the chosen LDAP configuration which should never stay to 0 if the LDAP is found $ldapConn = null; 
@@ -310,10 +317,7 @@ public function syncWithLdapConfigGen() $connectionResult = $ldapConn->connect(); if ($connectionResult == false) { $ldapServerConnError[$cgRow['ar_id']] = 1; - $stmt = $this->db->query("SELECT ar_name FROM auth_ressource " . - "WHERE ar_id = " . (int)$cgRow['ar_id']); - $res = $stmt->fetch(); - $msg[] = "Unable to connect to LDAP server : " . $res['ar_name'] . "."; + $msg[] = "Unable to connect to LDAP server : " . $cgRow['ar_name'] . "."; continue; } } @@ -331,9 +335,7 @@ public function syncWithLdapConfigGen() if (!$contact) { // no need to continue. If there's no contact, there's no relation to insert. - $stmt = $this->db->query("SELECT ar_name FROM auth_ressource WHERE ar_id = " . (int)$cgRow['ar_id']); - $res = $stmt->fetch(); - $msg[] = "Error : there's no contact to update for LDAP : " . $res['ar_name'] . "."; + $msg[] = "Error : there's no contact to update for LDAP : " . $cgRow['ar_name'] . "."; return $msg; } try { @@ -436,18 +438,19 @@ public function syncWithLdap() throw $e; } continue; - } else { - // Update the ldap group in contactgroup - $queryUpdateDn = "UPDATE contactgroup SET cg_ldap_dn = '" . $dn . - "' WHERE cg_id = " . $row['cg_id']; + } else { // Update the ldap group dn in contactgroup try { - $this->db->query($queryUpdateDn); + $updateDnStatement = $this->db->prepare( + "UPDATE contactgroup SET cg_ldap_dn = :cg_dn WHERE cg_id = :cg_id" + ); + $updateDnStatement->bindValue(':cg_dn', $dn, \PDO::PARAM_STR); + $updateDnStatement->bindValue(':cg_id', $row['cg_id'], \PDO::PARAM_INT); + $updateDnStatement->execute(); $row['cg_ldap_dn'] = $dn; } catch (\PDOException $e) { $msg[] = "Error processing update contactgroup request of ldap group : " . $row['cg_name']; throw $e; - continue; } } } 
@@ -460,16 +463,16 @@ public function syncWithLdap() ); $deleteStmt->bindValue(':cgId', $row['cg_id'], \PDO::PARAM_INT); $deleteStmt->execute(); - $contact = ''; + $contactDns = ''; foreach ($members as $member) { - $contact .= $this->db->quote($member) . ','; + $contactDns .= $this->db->quote($member) . ','; } - $contact = rtrim($contact, ","); + $contactDns = rtrim($contactDns, ","); - if ($contact !== '') { + if ($contactDns !== '') { try { $resContact = $this->db->query( - "SELECT contact_id FROM contact WHERE contact_ldap_dn IN (" . $contact . ")" + "SELECT contact_id FROM contact WHERE contact_ldap_dn IN (" . $contactDns . ")" ); } catch (\PDOException $e) { $msg[] = "Error in getting contact id from members."; diff --git a/www/class/centreonLDAP.class.php b/www/class/centreonLDAP.class.php index ec88cec5d00..d8dd7d18c93 100644 --- a/www/class/centreonLDAP.class.php +++ b/www/class/centreonLDAP.class.php @@ -65,8 +65,8 @@ public function __construct($pearDB, $centreonLog = null, $arId = null) /* Check if use service form DNS */ $use_dns_srv = 0; $dbResult = $this->db->query( - "SELECT `ari_value` - FROM `auth_ressource_info` + "SELECT `ari_value` + FROM `auth_ressource_info` WHERE `ari_name` = 'ldap_srv_dns' AND ar_id = " . (int) $arId ); $row = $dbResult->fetch(); @@ -76,9 +76,9 @@ public function __construct($pearDB, $centreonLog = null, $arId = null) } $dbResult = $this->db->query( - "SELECT `key`, `value` - FROM `options` - WHERE `key` + "SELECT `key`, `value` + FROM `options` + WHERE `key` IN ('debug_ldap_import', 'debug_path')" ); while ($row = $dbResult->fetch()) { 
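Review bot: The rename to `$contactDns` leaves the `SELECT contact_id FROM contact WHERE contact_ldap_dn IN (...)` query assembled by concatenating `$this->db->quote($member)` values that come from the directory, while the `UPDATE contactgroup` a few lines earlier in this diff was moved to a prepared statement with bound parameters; the two should use the same mechanism. A `?` placeholder list replaces the quote/`rtrim` loop and the `$contactDns !== ''` guard with a `count($members)` check, and the existing `catch (\PDOException $e)` still applies. This assumes the code after the hunk only fetches rows from `$resContact`, which the `PDOStatement` returned by `prepare()` also provides — confirm against the rest of syncWithLdap.
```php
if (count($members) > 0) {
    $placeholders = implode(',', array_fill(0, count($members), '?'));
    try {
        $resContact = $this->db->prepare(
            "SELECT contact_id FROM contact WHERE contact_ldap_dn IN (" . $placeholders . ")"
        );
        $resContact->execute(array_values($members));
    } catch (\PDOException $e) {
        // … unchanged: "Error in getting contact id from members." …
```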
@@ -97,22 +97,17 @@ public function __construct($pearDB, $centreonLog = null, $arId = null) $searchTimeout = 5; $tempSearchTimeout = $this->getLdapHostParameters($arId, 'ldap_search_timeout'); - if (count($tempSearchTimeout) > 0) { - if ( - isset($tempSearchTimeout['ari_value']) - && !empty($tempSearchTimeout['ari_value']) - ) { - $searchTimeout = $tempSearchTimeout['ari_value']; - } + if (!empty($tempSearchTimeout['ari_value'])) { + $searchTimeout = $tempSearchTimeout['ari_value']; } /* Get the list of server ldap */ if ($use_dns_srv != "0") { $dns_query = '_ldap._tcp'; $dbResult = $this->db->query( - "SELECT `ari_value` - FROM auth_ressource_info - WHERE `ari_name` = 'ldap_dns_use_domain' + "SELECT `ari_value` + FROM auth_ressource_info + WHERE `ari_name` = 'ldap_dns_use_domain' AND ar_id = " . (int) $arId ); $row = $dbResult->fetch(); @@ -122,11 +117,12 @@ public function __construct($pearDB, $centreonLog = null, $arId = null) } $list = dns_get_record($dns_query, DNS_SRV); foreach ($list as $entry) { - $ldap = array(); - $ldap['host'] = $entry['target']; - $ldap['id'] = $arId; - $ldap['search_timeout'] = $searchTimeout; - $ldap['info'] = $this->getInfoUseDnsConnect(); + $ldap = [ + 'host' => $entry['target'], + 'id' => $arId, + 'search_timeout' => $searchTimeout, + 'info' => $this->getInfoUseDnsConnect(), + ]; $ldap['info']['port'] = $entry['port']; $ldap['info'] = array_merge($ldap['info'], $this->getBindInfo((int) $arId)); $this->ldapHosts[] = $ldap; 
@@ -138,10 +134,12 @@ public function __construct($pearDB, $centreonLog = null, $arId = null) WHERE auth_ressource_id = ' . (int) $arId . ' ORDER BY host_order' ); while ($row = $dbResult->fetch()) { - $ldap = array(); - $ldap['host'] = $row['host_address']; - $ldap['id'] = $arId; - $ldap['search_timeout'] = $searchTimeout; + $ldap = [ + 'host' => $row['host_address'], + 'id' => $arId, + 'search_timeout' => $searchTimeout, + 'info' => $this->getInfoUseDnsConnect(), + ]; $ldap['info'] = $this->getInfoConnect($row['ldap_host_id']); $ldap['info'] = array_merge($ldap['info'], $this->getBindInfo((int) $arId)); $this->ldapHosts[] = $ldap; @@ -1003,11 +1001,6 @@ public function isSyncNeededAtLogin(int $arId, int $contactId): bool 'Error while getting automatic synchronization value for LDAP Id : ' . $arId ); // assuming it needs to be synchronized - $this->centreonLog->insertLog( - 3, - 'LDAP AUTH : Updating user DN of ' . - (!empty($contactData['contact_name']) ? $contactData['contact_name'] : "contact id $contactId") - ); return true; } $this->centreonLog->insertLog( diff --git a/www/include/Administration/parameters/DB-Func.php b/www/include/Administration/parameters/DB-Func.php index 69cec29760c..46077c5e8b7 100644 --- a/www/include/Administration/parameters/DB-Func.php +++ b/www/include/Administration/parameters/DB-Func.php @@ -472,7 +472,6 @@ function updateLdapConfigData($gopt_id = null) { global $form, $pearDB, $centreon; - $ret = array(); $ret = $form->getSubmitValues(); updateOption( diff --git a/www/include/Administration/parameters/ldap/form.php b/www/include/Administration/parameters/ldap/form.php index da20aa5da01..bd9517846d5 100644 --- a/www/include/Administration/parameters/ldap/form.php +++ b/www/include/Administration/parameters/ldap/form.php 
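Review bot: In the `@@ -138` hunk the new array literal sets `'info' => $this->getInfoUseDnsConnect()` and the very next line overwrites it with `$ldap['info'] = $this->getInfoConnect($row['ldap_host_id']);`, so the call is pure overhead — and, if `getInfoUseDnsConnect()` queries the database like the surrounding code, a wasted query per configured host; it looks copied from the DNS-SRV branch above, where it is the real source. Either drop the key from this literal or write `'info' => $this->getInfoConnect($row['ldap_host_id'])` inside it and delete the following assignment. The constructor continues outside the hunk.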
@@ -153,8 +153,8 @@
 /**
 * Default contactgroup for imported contact
 */
-$cgAvRoute = './include/common/webServices/rest/internal.php?object=centreon_configuration_contactgroup&action=list';
-$cgDeRoute = './include/common/webServices/rest/internal.php?object=centreon_configuration_contactgroup'
+$cgAvRoute = './api/internal.php?object=centreon_configuration_contactgroup&action=list';
+$cgDeRoute = './api/internal.php?object=centreon_configuration_contactgroup'
 . '&action=defaultValues&target=contact&field=ldap_default_cg&id=' . $arId;
 $attrContactGroup = array(
 'datasourceOrigin' => 'ajax',