Cp7 m 69 fix ldap groups (#6370)
* fix(knowledgebase): fix compatibility with MW1.30

Apply new API rules and add compatibility downwards to 1.27

Resolves: CP7M-63

* refactor(knowledgebase): remove cookies after curl call

* fix(auth): Disallow login with saved details of ldap user

Disconnect the user if disabled/not found in the LDAP server instead of falling back to local auth

Closes: CP7M-76

* fix(ldap): Update ldap groups sync

Update logic to sync ldap groups. Force ldap resync upon login.

* refactor(contactgroups): change fetchRow to fetch
victorvassilev authored and kduret committed Jun 20, 2018
1 parent f24f558 commit d5d051c
Showing 3 changed files with 95 additions and 35 deletions.
25 changes: 14 additions & 11 deletions www/class/centreonAuth.LDAP.class.php
Expand Up @@ -108,20 +108,16 @@ private function getLogFlag()
*/
public function checkPassword()
{
/*
* Check if it's a new user
*/
$newUser = false;
if (!isset($this->contactInfos['contact_ldap_dn']) || $this->contactInfos['contact_ldap_dn'] == '') {
$this->contactInfos['contact_ldap_dn'] = $this->ldap->findUserDn($this->contactInfos['contact_alias']);
$newUser = true;

/* Validate if user exists in this resource */
} elseif (isset($this->contactInfos['contact_ldap_dn'])
&& $this->contactInfos['contact_ldap_dn'] != ''
&& $this->ldap->findUserDn(
$this->contactInfos['contact_alias']
) !== $this->contactInfos['contact_ldap_dn']) {
return 2;
return 0;
}

/*
Expand Down Expand Up @@ -185,10 +181,6 @@ public function checkPassword()
if ($this->debug) {
$this->CentreonLog->insertLog(3, "LDAP AUTH : LDAP don't like you, sorry");
}
/*if ($this->firstCheck && $this->updateUserDn()) {
$this->firstCheck = false;
return $this->checkPassword();
}*/
return 0;
break;
}
Expand All @@ -211,7 +203,6 @@ public function updateUserDn()
$userDn = $this->ldap->findUserDn(
html_entity_decode($this->contactInfos['contact_alias'], ENT_QUOTES, 'UTF-8')
);

if (false === $userDn) {
$this->CentreonLog->insertLog(3, "LDAP AUTH : No DN for user " .
html_entity_decode($this->contactInfos['contact_alias'], ENT_QUOTES, 'UTF-8'));
Expand Down Expand Up @@ -287,6 +278,18 @@ public function updateUserDn()
return false;
}
$this->contactInfos['contact_ldap_dn'] = $userDn;

/*
* try to update user groups from AD
*/
try {
include_once(realpath(dirname(__FILE__) . '/centreonContactgroup.class.php'));
$cgs = new CentreonContactgroup($this->pearDB);
$cgs->syncWithLdap();
} catch (\Exception $e) {
$this->CentreonLog->insertLog(3, 'Error in updating ldap groups');
}

return true;
} else {
/*
Expand Down
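Review bot: The try/catch added at the end of updateUserDn() hides why a group sync failed: `$this->CentreonLog->insertLog(3, 'Error in updating ldap groups')` drops `$e->getMessage()`, and `catch (\Exception $e)` does not cover an `\Error` (for example the class-not-found raised by `new CentreonContactgroup(...)` when the include_once path cannot be resolved), which would then abort the login after the DN was already stored on the line above. Suggest `} catch (\Throwable $e) {` (PHP 7+; on older targets guard with `class_exists('CentreonContactgroup')` before `new`) and `'Error in updating ldap groups: ' . $e->getMessage()`. Note also that syncWithLdap() iterates every enabled LDAP resource on each successful login, so each login now costs a full directory round-trip per resource; if that matters, a variant restricted to the resource the user authenticated against would be needed. The enclosing method continues outside the hunk.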
45 changes: 33 additions & 12 deletions www/class/centreonContactgroup.class.php
Expand Up @@ -73,7 +73,7 @@ public function getListContactgroup($withLdap = false, $dbOnly = false)
$query .= " ORDER BY a.cg_name";

$res = $this->db->query($query);
while ($contactgroup = $res->fetchRow()) {
while ($contactgroup = $res->fetch()) {
$contactgroups[$contactgroup["cg_id"]] = $contactgroup["cg_name"];
if ($withLdap && isset($contactgroup['cg_ldap_dn']) && $contactgroup['cg_ldap_dn'] != "") {
$contactgroups[$contactgroup["cg_id"]] = $this->formatLdapContactgroupName(
Expand Down Expand Up @@ -109,11 +109,11 @@ public function getLdapContactgroups($filter = '')

$query = "SELECT `value` FROM `options` WHERE `key` = 'ldap_auth_enable'";
$res = $this->db->query($query);
$row = $res->fetchRow();
$row = $res->fetch();
if ($row['value'] == 1) {
$query = "SELECT ar_id, ar_name FROM auth_ressource WHERE ar_enable = '1'";
$ldapres = $this->db->query($query);
while ($ldaprow = $ldapres->fetchRow()) {
while ($ldaprow = $ldapres->fetch()) {
$ldap = new CentreonLDAP($this->db, null, $ldaprow['ar_id']);
$ldap->connect(null, $ldaprow['ar_id']);
$cg_ldap = $ldap->listOfGroups();
Expand Down Expand Up @@ -167,7 +167,7 @@ public function insertLdapGroup($cg_name)
WHERE cg_name = '" . $this->db->escape($cg_name) . "'";
$res = $this->db->query($queryCheck);
if ($res->rowCount() == 1) {
$row = $res->fetchRow();
$row = $res->fetch();
return $row['cg_id'];
}
$ldap = new CentreonLDAP($this->db, null, $ar_id);
Expand All @@ -190,7 +190,7 @@ public function insertLdapGroup($cg_name)
} catch (\PDOException $e) {
return 0;
}
$row = $res->fetchRow();
$row = $res->fetch();
/*
* Reset ldap build cache time
*/
Expand All @@ -216,13 +216,34 @@ public function syncWithLdap()
/*
* Connect to LDAP Server
*/
while ($ldaprow = $ldapres->fetchRow()) {
while ($ldaprow = $ldapres->fetch()) {
$ldapConn = new CentreonLDAP($this->db, null, $ldaprow['ar_id']);
$connectionResult = $ldapConn->connect();
if (false != $connectionResult) {
$res = $this->db->query("SELECT cg_id, cg_name, cg_ldap_dn FROM contactgroup
WHERE cg_type = 'ldap' AND ar_id = " . $ldaprow['ar_id']);
while ($row = $res->fetchRow()) {


/**
* insert groups from ldap into centreon
*/
$registeredGroupsFromDB = $res->fetchAll();
$registeredGroups = [];
foreach ($registeredGroupsFromDB as $registeredGroupFromDB){
$registeredGroups[] = $registeredGroupFromDB['cg_name'];
}
$ldapGroups = $ldapConn->listOfGroups();
$toInsertGroups = array_diff($ldapGroups, $registeredGroups);

foreach ($toInsertGroups as $toInsertGroup){
$this->insertLdapGroup('['.$ldaprow['ar_id'].']'.$toInsertGroup);
}

$res = $this->db->query("SELECT cg_id, cg_name, cg_ldap_dn FROM contactgroup
WHERE cg_type = 'ldap' AND ar_id = " . $ldaprow['ar_id']);


while ($row = $res->fetch()) {
/*
* Test is the group a not move or delete in ldap
*/
Expand Down Expand Up @@ -266,19 +287,19 @@ public function syncWithLdap()

$contact = '';
foreach ($members as $member) {
$contact = $this->db->quote($member) . ',';
$contact .= $this->db->quote($member) . ',';
}
$contact = rtrim($contact, ",");

$queryContact = "SELECT contact_id FROM contact
WHERE contact_ldap_dn IN ('" . $contact . "')";
WHERE contact_ldap_dn IN (" . $contact . ")";
try {
$resContact = $this->db->query($queryContact);
} catch (\PDOException $e) {
$msg[] = "Error in getting contact id form members.";
continue;
}
while ($rowContact = $resContact->fetchRow()) {
while ($rowContact = $resContact->fetch()) {
$queryAddRelation = "INSERT INTO contactgroup_contact_relation
(contactgroup_cg_id, contact_contact_id)
VALUES (" . $row['cg_id'] . ", " . $rowContact['contact_id'] . ")";
Expand Down Expand Up @@ -312,7 +333,7 @@ public function getNameFromCgId($cgId)
$query = "SELECT cg_name FROM contactgroup WHERE cg_id = " . CentreonDB::escape($cgId) . " LIMIT 1";
$res = $this->db->query($query);
if ($res->rowCount()) {
$row = $res->fetchRow();
$row = $res->fetch();
return $row['cg_name'];
} else {
throw new \Exception('No contact group name found');
Expand Down Expand Up @@ -345,7 +366,7 @@ public static function verifiedExists($listCgs)
} catch (\PDOException $e) {
return false;
}
$row = $res->fetchRow();
$row = $res->fetch();
if ($row['nb'] != 0) {
return false;
}
Expand Down
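Review bot: In syncWithLdap(), `$toInsertGroups = array_diff($ldapGroups, $registeredGroups);` compares raw LDAP group names against the stored `cg_name` values, yet each missing name is inserted as `'[' . $ldaprow['ar_id'] . ']' . $toInsertGroup`; unless insertLdapGroup() strips that prefix before storing (its body is mostly outside this view), nothing will match on the next sync and every group would be re-inserted at each login, so a second-login test is worth adding. If listOfGroups() can return `false` on a failed search (the hunk does not check its result), array_diff() would warn and the insert loop would be skipped silently. Style: the `$registeredGroups` loop is equivalent to `$registeredGroups = array_column($registeredGroupsFromDB, 'cg_name');`, and both `foreach (...){` lines lack the space before the brace required by PSR-12. The method continues outside the hunk.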
60 changes: 48 additions & 12 deletions www/class/centreonLDAP.class.php
Expand Up @@ -477,20 +477,44 @@ public function listUserForGroup($groupdn)
return array();
}
$groupdn = str_replace('\\', '\\\\', $groupdn);
$filter = '(&' . preg_replace('/%s/', '*', $this->userSearchInfo['filter']) .
'(' . $this->userSearchInfo['group'] . '=' . $this->replaceFilter($groupdn) . '))';
$result = @ldap_search($this->ds, $this->userSearchInfo['base_search'], $filter);
if (false === $result) {
restore_error_handler();
return array();
}
$entries = ldap_get_entries($this->ds, $result);
$nbEntries = $entries["count"];
$list = array();
for ($i = 0; $i < $nbEntries; $i++) {
$list[] = $entries[$i]['dn'];
if (!empty($this->userSearchInfo['group'])) {
/**
* we have specific parameter for user to denote groups he belongs to
*/
$filter = '(&' . preg_replace('/%s/', '*', $this->userSearchInfo['filter']) .
'(' . $this->userSearchInfo['group'] . '=' . $this->replaceFilter($groupdn) . '))';
$result = @ldap_search($this->ds, $this->userSearchInfo['base_search'], $filter);

if (false === $result) {
restore_error_handler();
return array();
}
$entries = ldap_get_entries($this->ds, $result);
$nbEntries = $entries["count"];
for ($i = 0; $i < $nbEntries; $i++) {
$list[] = $entries[$i]['dn'];
}
restore_error_handler();
} else {
/**
* we get list of members by group
*/
$filter = preg_replace('/%s/', $this->getCnFromDn($groupdn), $this->groupSearchInfo['filter']);
$result = @ldap_search($this->ds, $this->userSearchInfo['base_search'], $filter);

if (false === $result) {
restore_error_handler();
return array();
}
$entries = ldap_get_entries($this->ds, $result);
$nbEntries = !empty($entries[0]['member']['count']) ? $entries[0]['member']['count'] : 0;
for ($i = 0; $i < $nbEntries; $i++) {
$list[] = $entries[0]['member'][$i];
}
restore_error_handler();
}
restore_error_handler();

return $list;
}

Expand Down Expand Up @@ -783,6 +807,18 @@ private function setErrorHandler()
{
set_error_handler('errorLdapHandler');
}

/**
* get cn from dn
*/
private function getCnFromDn($dn)
{

if (preg_match('/(?i:(?<=cn=)).*?(?=,[A-Za-z]{0,2}=|$)/', $dn, $dnArray)) {
return !empty($dnArray) ? $dnArray[0] : false;
}
return false;
}
}

/**
Expand Down
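Review bot: In the new else branch of listUserForGroup(), the CN returned by getCnFromDn() is substituted into `$this->groupSearchInfo['filter']` without escaping, while the if branch passes its value through replaceFilter(); a CN containing filter metacharacters (`*`, `(`, `)`, `\`) would change which group's members are returned, and a `false` return (no `cn=` component) becomes an empty replacement and a malformed filter that ldap_search() rejects. The DN comes from the contactgroup table rather than directly from a request, so exposure is limited, but the value should be escaped and the false case returned explicitly; note that preg_replace() interprets `\2a`-style sequences produced by ldap_escape() as backreferences, so the substitution should use str_replace(). The branch also reads only `$entries[0]` and the hard-coded `member` attribute, so a second match or a `uniqueMember`-style group silently yields an empty list — worth a comment if intentional. getCnFromDn() should document in its docblock that it returns `false` when no CN is found.
```php
            /**
             * we get list of members by group
             */
            $cn = $this->getCnFromDn($groupdn);
            if (false === $cn) {
                restore_error_handler();
                return array();
            }
            // escape the CN before it is spliced into the LDAP filter;
            // str_replace because preg_replace would treat the escaped bytes as backreferences
            $filter = str_replace(
                '%s',
                ldap_escape($cn, '', LDAP_ESCAPE_FILTER),
                $this->groupSearchInfo['filter']
            );
            $result = @ldap_search($this->ds, $this->userSearchInfo['base_search'], $filter);
            // … unchanged: result check, member loop, restore_error_handler …
```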
