318 |
richard |
1 |
<?php
|
|
|
2 |
/* written by steweb57 */
|
775 |
stephane |
3 |
require_once("lib/alcasar/freeradius/siteconfig.php");
|
|
|
4 |
require_once("lib/alcasar/freeradius/ldapconfig.php");
|
1677 |
richard |
5 |
/************************************************************************
|
|
|
6 |
* CONSTANTES AVEC CHEMINS DES FICHIERS DE CONFIGURATION *
|
|
|
7 |
*************************************************************************/
|
318 |
richard |
8 |
|
|
|
9 |
define ("ALCASAR_RADIUS_SITE", "/etc/raddb/sites-available/alcasar");
|
|
|
10 |
define ("ALCASAR_RADIUS_MODULE_LDAP", "/etc/raddb/modules/ldap");
|
615 |
richard |
11 |
define ("ALCASAR_CONF_FILE", "/usr/local/etc/alcasar.conf");
|
318 |
richard |
12 |
|
1677 |
richard |
13 |
/****************************************************************
|
|
|
14 |
* FONCTION ERREUR *
|
|
|
15 |
*****************************************************************/
|
318 |
richard |
16 |
|
|
|
17 |
function erreur($er){
|
|
|
18 |
header('Location:ldap.php?erreur=$er');
|
|
|
19 |
exit();
|
|
|
20 |
}
|
|
|
21 |
|
1677 |
richard |
22 |
/****************************************************************
|
|
|
23 |
* VARIABLES DE FORMULAIRE *
|
|
|
24 |
*****************************************************************/
|
318 |
richard |
25 |
|
|
|
26 |
//Récupération des variables de formulaire
|
|
|
27 |
if (isset($_POST['auth_enable'])) $auth_enable = $_POST['auth_enable']; else erreur('Erreur de variable auth_enable');
|
|
|
28 |
if ($auth_enable == "1"){ //test $auth_enable
|
|
|
29 |
if (isset($_POST['ldap_server'])) $ldap_server = $_POST['ldap_server']; else erreur('Erreur de variable ldap_server');
|
|
|
30 |
if (isset($_POST['ldap_base_dn'])) $ldap_base_dn = $_POST['ldap_base_dn']; else erreur('Erreur de variable ldap_base_dn');
|
|
|
31 |
if (isset($_POST['ldap_filter'])) $ldap_filter = $_POST['ldap_filter']; else erreur('Erreur de variable ldap_filter');
|
|
|
32 |
if (isset($_POST['ldap_base_filter'])) $ldap_base_filter = $_POST['ldap_base_filter']; else erreur('Erreur de variable ldap_base_filter');
|
|
|
33 |
if (isset($_POST['ldap_user'])) $ldap_user = $_POST['ldap_user']; else erreur('Erreur de variable ldap_user');
|
2306 |
tom.houday |
34 |
if (isset($_POST['ldap_password'])) $ldap_password = $_POST['ldap_password']; else erreur('Erreur de variable ldap_password');
|
|
|
35 |
|
|
|
36 |
// Validation
|
2307 |
tom.houday |
37 |
if ((!preg_match('/^([0-9]{1,3}\.){3}([0-9]{1,3})$/', $ldap_server)) && (preg_match('/^[a-zA-Z0-9-_.]+$/', $ldap_server))) {
|
2306 |
tom.houday |
38 |
$ldap_server = gethostbyname($ldap_server);
|
|
|
39 |
}
|
2307 |
tom.houday |
40 |
if (!preg_match('/^([0-9]{1,3}\.){3}([0-9]{1,3})$/', $ldap_server)) {
|
2306 |
tom.houday |
41 |
exit('Invalid LDAP server IP.');
|
|
|
42 |
}
|
318 |
richard |
43 |
} //test $auth_enable
|
|
|
44 |
|
1677 |
richard |
45 |
/****************************************************************
|
|
|
46 |
* TEST DES FICHIERS DE CONFIGURATION *
|
|
|
47 |
*****************************************************************/
|
318 |
richard |
48 |
|
|
|
49 |
//Test de présence et des droits en modification des fichiers de configuration.
|
1160 |
stephane |
50 |
/* texte à internationaliser : pas urgent : débugage uniquement */
|
318 |
richard |
51 |
if (!file_exists(ALCASAR_RADIUS_SITE)){
|
|
|
52 |
exit("Fichier de configuration du virtual-host 'alcasar' de freeradius non présent");
|
|
|
53 |
}
|
|
|
54 |
if (!file_exists(ALCASAR_RADIUS_MODULE_LDAP)){
|
|
|
55 |
exit("Fichier de configuration du module ldap pour freeradius non présent");
|
|
|
56 |
}
|
|
|
57 |
if (!is_writable(ALCASAR_RADIUS_SITE)){
|
|
|
58 |
exit("Vous n'avez pas les droits d'écriture sur le fichier /etc/raddb/sites-available/alcasar");
|
|
|
59 |
}
|
|
|
60 |
if (!is_writable(ALCASAR_RADIUS_MODULE_LDAP)){
|
|
|
61 |
exit("Vous n'avez pas les droits d'écriture sur le fichier /etc/raddb/modules/ldap");
|
|
|
62 |
}
|
|
|
63 |
|
1677 |
richard |
64 |
/****************************************************************
|
|
|
65 |
* Fichier ALCASAR_RADIUS_SITE *
|
|
|
66 |
*****************************************************************/
|
775 |
stephane |
67 |
$site = new siteConfig();
|
|
|
68 |
$site->load(ALCASAR_RADIUS_SITE);
|
|
|
69 |
if ($auth_enable == "1"){ //test $auth_enable
|
777 |
stephane |
70 |
/*
|
|
|
71 |
ON ACTIVE LE LDAP
|
|
|
72 |
*/
|
|
|
73 |
/*
|
|
|
74 |
Configure autorize section with:
|
|
|
75 |
ldap {
|
|
|
76 |
fail=1
|
|
|
77 |
}
|
|
|
78 |
*/
|
|
|
79 |
if ($site->authorize->ldap === false){ // always test before update
|
776 |
stephane |
80 |
$site->authorize->addSection('ldap');
|
|
|
81 |
$site->authorize->ldap->addPair('fail','1');
|
|
|
82 |
}else{
|
777 |
stephane |
83 |
if ($site->authorize->ldap->fail === false){ // always test before update
|
776 |
stephane |
84 |
$site->authorize->ldap->addPair('fail','1');
|
|
|
85 |
}
|
|
|
86 |
}
|
777 |
stephane |
87 |
/*
|
|
|
88 |
Configure authenticate section with
|
|
|
89 |
Auth-Type LDAP {
|
|
|
90 |
ldap
|
|
|
91 |
}
|
|
|
92 |
*/
|
|
|
93 |
if ($site->authenticate->getSectionInstance('Auth-Type','LDAP')===false){ // always test before update
|
776 |
stephane |
94 |
$site->authenticate->addSection('Auth-Type', 'LDAP');
|
|
|
95 |
$site->authenticate->getSectionInstance('Auth-Type','LDAP')->addSection('ldap');
|
|
|
96 |
}
|
775 |
stephane |
97 |
} else {
|
777 |
stephane |
98 |
/*
|
|
|
99 |
ON DESACTIVE LE LDAP
|
|
|
100 |
*/
|
|
|
101 |
if ($site->authorize->ldap !== false){ // always test before update
|
|
|
102 |
$site->authorize->deleteSection("ldap");
|
|
|
103 |
}
|
|
|
104 |
if ($site->authenticate->getSectionInstance('Auth-Type','LDAP')!==false){ // always test before update
|
|
|
105 |
$site->authenticate->deleteSection('Auth-Type','LDAP');
|
|
|
106 |
}
|
775 |
stephane |
107 |
}
|
318 |
richard |
108 |
//Sauvegarde du /etc/raddb/sites-available/alcasar
|
775 |
stephane |
109 |
$site->save(ALCASAR_RADIUS_SITE);
|
318 |
richard |
110 |
|
1677 |
richard |
111 |
/****************************************************************
|
|
|
112 |
* Fichier ALCASAR_RADIUS_MODULE_LDAP *
|
|
|
113 |
*****************************************************************/
|
318 |
richard |
114 |
//on ne modifie ALCASAR_RADIUS_MODULE_LDAP uniquement si l'authentification ldap est active
|
|
|
115 |
if ($auth_enable == "1"){ //test $auth_enable
|
775 |
stephane |
116 |
// chargement de la configuration courante
|
|
|
117 |
$ldap = new ldapConfig();
|
|
|
118 |
$ldap->load(ALCASAR_RADIUS_MODULE_LDAP);
|
|
|
119 |
// mise à jours des données
|
779 |
stephane |
120 |
//$ldap->server = $ldap_server;
|
|
|
121 |
$ldap->host = $ldap_server;
|
780 |
stephane |
122 |
$ldap->identity = $ldap_user;
|
775 |
stephane |
123 |
$ldap->password = $ldap_password;
|
780 |
stephane |
124 |
$ldap->basedn = $ldap_base_dn;
|
779 |
stephane |
125 |
//$ldap->filter = $ldap_filter;
|
|
|
126 |
$ldap->uid = $ldap_filter;
|
775 |
stephane |
127 |
$ldap->base_filter = $ldap_base_filter;
|
|
|
128 |
//sauvegarde du fichier /etc/raddb/modules/ldap
|
|
|
129 |
$ldap->save(ALCASAR_RADIUS_MODULE_LDAP);
|
318 |
richard |
130 |
} //test $auth_enable
|
|
|
131 |
|
1677 |
richard |
132 |
/********************************************************
|
|
|
133 |
* Redémarage des service *
|
|
|
134 |
*********************************************************/
|
318 |
richard |
135 |
|
2299 |
tom.houday |
136 |
if ($auth_enable == "1") {
|
1677 |
richard |
137 |
file_put_contents(ALCASAR_CONF_FILE, str_replace('LDAP=off', 'LDAP=on', file_get_contents(ALCASAR_CONF_FILE)));
|
2301 |
tom.houday |
138 |
exec("sed -i \"s/^LDAP_IP=.*/LDAP_IP=$ldap_server/g\" ".ALCASAR_CONF_FILE);
|
2299 |
tom.houday |
139 |
}
|
615 |
richard |
140 |
else {
|
1677 |
richard |
141 |
file_put_contents(ALCASAR_CONF_FILE, str_replace('LDAP=on', 'LDAP=off', file_get_contents(ALCASAR_CONF_FILE)));
|
2301 |
tom.houday |
142 |
exec("sed -i \"s/^LDAP_IP=.*/LDAP_IP=0.0.0.0/g\" ".ALCASAR_CONF_FILE);
|
2299 |
tom.houday |
143 |
}
|
|
|
144 |
exec("sudo /usr/local/bin/alcasar-iptables.sh");
|
|
|
145 |
exec("sudo /usr/bin/systemctl restart radiusd");
|
318 |
richard |
146 |
|
1677 |
richard |
147 |
/****************************************************************
|
|
|
148 |
* Redirection vers la page de configuration LDAP *
|
|
|
149 |
*****************************************************************/
|
318 |
richard |
150 |
|
|
|
151 |
header('Location:ldap.php?update=ok');
|
|
|
152 |
exit();
|