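/**
 * Audit every LDAP path that is flagged for auditing (ldap_paths_audit = 1).
 *
 * Joins ldap_paths to ldap_connections on the global $db link, lets MySQL
 * decrypt the stored bind credentials with the key from GetAesKey(), and hands
 * each path to AuditSingleLdapPath() as an array with the keys ldap_path_id,
 * ldap_server, ldap_user, ldap_password and ldap_base_dn.
 *
 * Returns nothing. A failed query or an empty result set audits no paths.
 */
function AuditLdapPaths()
{
    global $db;
    $aes_key = GetAesKey();
    // Get paths info from db.
    // NOTE(review): the AES key is concatenated into the statement text, so it travels
    // with the query and can surface wherever statements are recorded (query logs,
    // process list) - confirm logging configuration on the database host.
    $sql = "SELECT ldap_connections_server,AES_DECRYPT(ldap_connections_user,'" . $aes_key . "') AS ldap_user, AES_DECRYPT(ldap_connections_password,'" . $aes_key . "') AS ldap_password, ldap_connections_fqdn, ldap_paths_id, ldap_paths_dn ";
    $sql .= "FROM ldap_connections INNER JOIN ldap_paths on ldap_paths.ldap_paths_connection_id=ldap_connections.ldap_connections_id ";
    $sql .= "WHERE ldap_paths.ldap_paths_audit=1";
    $result = mysql_query($sql, $db);
    if ($result === FALSE) {
        // Query failed: do not pass FALSE on to mysql_fetch_array().
        return;
    }
    $myrow = mysql_fetch_array($result);
    if (!$myrow) {
        // No path is flagged for auditing.
        return;
    }
    // NOTE(review): $myrow holds the decrypted bind user and password; whatever
    // DebugEcho() prints or logs will contain them - confirm it is disabled or
    // redacts credentials outside of development.
    DebugEcho($myrow);
    // Loop thru all defined paths and audit
    do {
        // Start from a clean array so no value can carry over between paths.
        $ldap_path_details = array();
        $ldap_path_details["ldap_path_id"] = $myrow["ldap_paths_id"];
        $ldap_path_details["ldap_server"] = $myrow["ldap_connections_server"];
        // if ldap_user is not stored in UPN format, append DNS suffix to user name to make UPN
        if (isEmailAddress($myrow["ldap_user"])) {
            $ldap_path_details["ldap_user"] = $myrow["ldap_user"];
        } else {
            $ldap_path_details["ldap_user"] = $myrow["ldap_user"] . "@" . $myrow["ldap_connections_fqdn"];
        }
        $ldap_path_details["ldap_password"] = $myrow["ldap_password"];
        $ldap_path_details["ldap_base_dn"] = $myrow["ldap_paths_dn"];
        // Got details - now audit this path
        AuditSingleLdapPath($ldap_path_details);
    } while ($myrow = mysql_fetch_array($result));
}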
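/**
 * Look up the LDAP connection that serves the domain of an audited system.
 *
 * Reads $_GET["uuid"] to find the system row and $_GET["record_type"] to decide
 * whether the user's domain (taken from a DOMAIN\ACCOUNT style net_user_name)
 * or the computer's net_domain is used. The matching ldap_connections row is
 * decrypted in SQL with the key from GetAesKey().
 *
 * Returns the system row merged with the connection row (keys server, nc, fqdn,
 * name, user, password), or FALSE when the system or the connection is not
 * found. The returned array contains the decrypted bind password.
 */
function GetLdapConnection()
{
    $db = ConnectToOpenAuditDb();
    // The uuid comes straight from the request: accept only a string and escape it
    // before it is placed inside the quoted SQL literal.
    $raw_uuid = (isset($_GET["uuid"]) && is_string($_GET["uuid"])) ? $_GET["uuid"] : "";
    $uuid = mysql_real_escape_string($raw_uuid, $db);
    // Get domain that we need to connect to - user and computer may be different domains
    $sql = "SELECT system_name, net_domain, net_user_name FROM system WHERE system_uuid = '" . $uuid . "'";
    $result = mysql_query($sql, $db);
    $system = ($result === FALSE) ? FALSE : mysql_fetch_array($result);
    if (!is_array($system)) {
        // Unknown uuid or failed query: there is no domain to look up.
        mysql_close($db);
        return FALSE;
    }
    // Get user domain - user name *may* be in DOMAIN\ACCOUNT format or may not
    $record_type = isset($_GET["record_type"]) ? $_GET["record_type"] : "";
    $domain = $system["net_domain"];
    if ($record_type === "user") {
        // explode() is stored in a variable first; more than one part means a
        // backslash was present and the first part is the domain.
        $name_parts = explode("\\", (string) $system["net_user_name"]);
        if (count($name_parts) > 1) {
            $domain = $name_parts[0];
        }
    }
    // The domain was read back from the system table, i.e. from stored audit data,
    // so it is escaped as well before being reused in a statement.
    $domain_sql = mysql_real_escape_string((string) $domain, $db);
    // Now get ldap connection info for that domain, if any ...
    // NOTE(review): the AES key is concatenated into the statement text and can
    // surface wherever statements are recorded - confirm database logging settings.
    $aeskey = GetAesKey();
    $sql = "SELECT ldap_connections_server as server, ldap_connections_nc as nc, "
        . "ldap_connections_fqdn as fqdn, ldap_connections_name as name, "
        . "AES_DECRYPT(`ldap_connections_user`,'" . $aeskey . "') as user, "
        . "AES_DECRYPT(`ldap_connections_password`,'" . $aeskey . "') as password "
        . "FROM ldap_connections "
        . "WHERE ldap_connections_fqdn = '" . $domain_sql . "' OR ldap_connections_name = '" . $domain_sql . "'";
    $result = mysql_query($sql, $db);
    $ldap = ($result === FALSE) ? FALSE : mysql_fetch_array($result);
    $ldap_info = is_array($ldap) ? array_merge($system, $ldap) : FALSE;
    mysql_close($db);
    return $ldap_info;
}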
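/**
 * Build an XML document describing one stored LDAP connection.
 *
 * Sends a text/xml Content-type header, selects the connection whose id is given
 * in $_GET["ldap_connection_id"], decrypts its bind user and password in SQL with
 * the key from GetAesKey(), and returns the XML as a string.
 *
 * NOTE(review): the returned XML contains the decrypted bind password in clear
 * text. Confirm that every caller authenticates and authorises the request and
 * that the response is only served over an encrypted channel.
 *
 * @param resource $db Open MySQL link used for the query.
 * @return string "<connections>...</connections>"; empty element when nothing matches.
 */
function GetLdapConnectionXml($db)
{
    header("Content-type: text/xml");
    $aes_key = GetAesKey();
    // The id comes straight from the request: accept only a string and escape it
    // before it is placed inside the quoted SQL literal.
    $raw_id = (isset($_GET["ldap_connection_id"]) && is_string($_GET["ldap_connection_id"]))
        ? $_GET["ldap_connection_id"]
        : "";
    $connection_id = mysql_real_escape_string($raw_id, $db);
    $sql = "SELECT ldap_connections_server, AES_DECRYPT(ldap_connections_user,'" . $aes_key . "') "
        . "AS ldap_user, AES_DECRYPT(ldap_connections_password,'" . $aes_key . "') AS ldap_password "
        . "FROM ldap_connections "
        . "WHERE ldap_connections_id='" . $connection_id . "'";
    $result = mysql_query($sql, $db);
    // Byte-wise XML escaping: a server name, user or password containing & < > or
    // quotes must not be able to break or alter the document structure.
    $xml_escapes = array(
        "&" => "&amp;",
        "<" => "&lt;",
        ">" => "&gt;",
        "\"" => "&quot;",
        "'" => "&#39;",
    );
    // Return results as xml
    $response = "<connections>";
    if ($result !== FALSE) {
        while ($myrow = mysql_fetch_array($result)) {
            $response .= "<connection>";
            $response .= "<ldap_connection_server>" . strtr((string) $myrow['ldap_connections_server'], $xml_escapes) . "</ldap_connection_server>";
            $response .= "<ldap_connection_user>" . strtr((string) $myrow['ldap_user'], $xml_escapes) . "</ldap_connection_user>";
            $response .= "<ldap_connection_password>" . strtr((string) $myrow['ldap_password'], $xml_escapes) . "</ldap_connection_password>";
            $response .= "</connection>";
        }
    }
    $response .= "</connections>";
    return $response;
}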
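/**
 * Load every stored LDAP connection, with credentials decrypted.
 *
 * Opens its own MySQL link from the global $mysql_* settings, decrypts the bind
 * user and password in SQL with the key from GetAesKey(), and closes the link
 * before returning.
 *
 * Returns an array keyed by ldap_connections_id whose entries have the keys
 * server, user, password, name, fqdn and nc, or NULL when the connection or
 * query fails or the table is empty. The entries contain clear-text passwords.
 */
function GetLdapConnectionsFromDb()
{
    global $mysql_server, $mysql_user, $mysql_password, $mysql_database;
    // Defined up front so the "no rows" path returns NULL without reading an
    // undefined variable.
    $ldap_connections = NULL;
    $db = mysql_connect($mysql_server, $mysql_user, $mysql_password);
    if (!$db) {
        // Could not connect: nothing to query and no link to close.
        return $ldap_connections;
    }
    mysql_select_db($mysql_database, $db);
    $aes_key = GetAesKey();
    // NOTE(review): the AES key is concatenated into the statement text and can
    // surface wherever statements are recorded - confirm database logging settings.
    $sql = "SELECT ldap_connections_id,AES_DECRYPT(ldap_connections_user,'" . $aes_key . "') AS ldap_user, "
        . "AES_DECRYPT(ldap_connections_password,'" . $aes_key . "') AS ldap_password, ldap_connections_server, "
        . "ldap_connections_fqdn, ldap_connections_name, ldap_connections_nc FROM ldap_connections ";
    $result = mysql_query($sql, $db);
    if ($result !== FALSE) {
        while ($myrow = mysql_fetch_array($result)) {
            if ($ldap_connections === NULL) {
                $ldap_connections = array();
            }
            $ldap_connections[$myrow["ldap_connections_id"]] = array(
                "server" => $myrow["ldap_connections_server"],
                "user" => $myrow["ldap_user"],
                "password" => $myrow["ldap_password"],
                "name" => $myrow["ldap_connections_name"],
                "fqdn" => $myrow["ldap_connections_fqdn"],
                "nc" => $myrow["ldap_connections_nc"],
            );
        }
    }
    // Close the link this function opened rather than "the last opened link".
    mysql_close($db);
    return $ldap_connections;
}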
// Upgrade step: rewrite include_config.php, then re-encrypt the stored LDAP
// credentials under the key returned by GetAesKey().
// Append the existing config, minus its first 6 characters, to the new content.
// NOTE(review): presumably the skipped characters are the opening PHP tag and line
// break - confirm against the code that builds $content and $current_content.
$content .= substr($current_content, 6);
// Mode 'w' truncates the file as soon as it is opened, so a failed fwrite() below
// leaves include_config.php empty or partial.
if (is_writable("include_config.php")) {
    if (!($handle = fopen("include_config.php", 'w'))) {
        // NOTE(review): $filename is not assigned in the visible lines; unless it is
        // set earlier in the file, these two messages print empty parentheses.
        exit("Cannot open file ({$filename})");
    }
    if (fwrite($handle, $content) === FALSE) {
        exit("Cannot write to file ({$filename})");
    }
    echo __("The Open-AudIT config has been updated");
    fclose($handle);
} else {
    echo __("The file") . "include_config.php" . __("is not writable");
}
// Update encrypted LDAP data using new AES key function (GetAesKey)
// The previous key is whatever GetVolumeLabel('c') returns.
// NOTE(review): presumably that is the volume label of drive C:, a short and
// discoverable value that makes a weak encryption key - confirm.
$old_aes_key = GetVolumeLabel('c');
$aes_key = GetAesKey();
// Re-key in one statement: decrypt with the old key, encrypt with the new one.
// The UPDATE has no WHERE clause, so every row of ldap_connections is rewritten.
// NOTE(review): MySQL's AES_DECRYPT() yields NULL (or garbage) when the key does not
// match and AES_ENCRYPT(NULL, ...) is NULL, so a second run of this step, or a
// changed old key, would overwrite the stored credentials - back up the table first.
// Both keys are concatenated into the statement text unescaped.
$sql = "UPDATE `ldap_connections` SET\r\n\t\t\t\t`ldap_connections_user` = AES_ENCRYPT(AES_DECRYPT(`ldap_connections_user`,'" . $old_aes_key . "'),'" . $aes_key . "'),\r\n\t\t\t\t`ldap_connections_password` = AES_ENCRYPT(AES_DECRYPT(`ldap_connections_password`,'" . $old_aes_key . "'),'" . $aes_key . "')";
// No link argument is passed, so the most recently opened connection is used.
// $result is never checked: the version is bumped even if the UPDATE failed.
$result = mysql_query($sql);
modify_config("version", "09.03.17");
// *********************************************************************************************
// Restart the execution timer with a 30 second limit.
set_time_limit(30);
?>
    <br />Upgrade complete.
    <br /><br /><a href="index.php" alt=""><?php 
echo __("Return to Index");
?>
</a>
  </body>
</html>

<?php