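/**
 * Audit every LDAP path that is flagged for auditing.
 *
 * Selects each ldap_paths row with ldap_paths_audit=1 joined to its
 * ldap_connections row, has MySQL decrypt the bind user and password with the
 * key from GetAesKey(), and passes the details of each path to
 * AuditSingleLdapPath(). Uses the global $db link and returns nothing.
 */
function AuditLdapPaths()
{
    global $db;

    $aes_key = GetAesKey();

    // NOTE(review): the AES key is concatenated into the statement text, so it
    // appears wherever statements are recorded (for example the MySQL general
    // query log). It is deliberately left unescaped here: escaping it in the
    // read path only could change the key MySQL sees relative to the write
    // path - confirm how the encrypting code builds its statement.
    $sql  = "SELECT ldap_connections_server,"
          . "AES_DECRYPT(ldap_connections_user,'" . $aes_key . "') AS ldap_user, "
          . "AES_DECRYPT(ldap_connections_password,'" . $aes_key . "') AS ldap_password, "
          . "ldap_connections_fqdn, ldap_paths_id, ldap_paths_dn ";
    $sql .= "FROM ldap_connections INNER JOIN ldap_paths "
          . "on ldap_paths.ldap_paths_connection_id=ldap_connections.ldap_connections_id ";
    $sql .= "WHERE ldap_paths.ldap_paths_audit=1";

    $result = mysql_query($sql, $db);
    if ($result === false) {
        // Query failed: there is nothing to audit, and fetching from a failed
        // result would only raise a warning.
        return;
    }

    if ($myrow = mysql_fetch_array($result)) {
        // The row holds the decrypted bind password, so mask it before it is
        // handed to the debug helper. mysql_fetch_array() returns each column
        // under both its name and its position; ldap_password is the third
        // selected column (index 2).
        $debug_row = $myrow;
        $debug_row["ldap_password"] = "********";
        $debug_row[2] = "********";
        DebugEcho($debug_row);

        // Loop through all defined paths and audit each one
        do {
            // If ldap_user is not stored in UPN format, append the DNS suffix
            // of the connection to build a UPN.
            if (isEmailAddress($myrow["ldap_user"])) {
                $bind_user = $myrow["ldap_user"];
            } else {
                $bind_user = $myrow["ldap_user"] . "@" . $myrow["ldap_connections_fqdn"];
            }

            $ldap_path_details = array(
                "ldap_path_id"  => $myrow["ldap_paths_id"],
                "ldap_server"   => $myrow["ldap_connections_server"],
                "ldap_user"     => $bind_user,
                "ldap_password" => $myrow["ldap_password"],
                "ldap_base_dn"  => $myrow["ldap_paths_dn"],
            );

            // Got details - now audit this path
            AuditSingleLdapPath($ldap_path_details);
        } while ($myrow = mysql_fetch_array($result));
    }
}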
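/**
 * Look up the LDAP connection that matches the domain of a system or its user.
 *
 * Reads the system row identified by $_GET["uuid"], picks the domain to use
 * (the DOMAIN part of net_user_name when $_GET["record_type"] is "user" and the
 * name is in DOMAIN\ACCOUNT form, otherwise net_domain), then selects the
 * ldap_connections row whose fqdn or name equals that domain, with the bind
 * user and password decrypted by MySQL using the key from GetAesKey().
 *
 * @return array|false The system row merged with the connection row
 *                     (server, nc, fqdn, name, user, password), or FALSE when
 *                     no system or no matching connection is found.
 */
function GetLdapConnection()
{
    $db = ConnectToOpenAuditDb();

    // The uuid comes straight from the request, so it is escaped before it is
    // placed inside the quoted SQL literal. A non-string value (uuid[]=...)
    // is treated as absent.
    $uuid = (isset($_GET["uuid"]) && is_string($_GET["uuid"])) ? $_GET["uuid"] : "";

    // Get domain that we need to connect to - user and computer may be different domains
    $sql = "SELECT system_name, net_domain, net_user_name FROM system "
         . "WHERE system_uuid = '" . mysql_real_escape_string($uuid, $db) . "'";
    $result = mysql_query($sql, $db);
    $system = ($result === false) ? false : mysql_fetch_array($result);

    if ($system === false) {
        // No such system: there is no domain to look up, and merging a
        // non-array below would fail.
        mysql_close($db);
        return FALSE;
    }

    // Get user domain - user name *may* be in DOMAIN\ACCOUNT format or may not
    $domain = $system["net_domain"];
    if (isset($_GET["record_type"]) && $_GET["record_type"] === "user") {
        // explode() result is kept in a variable; array_shift() on a function
        // result passes a non-variable by reference.
        $name_parts = explode("\\", $system["net_user_name"]);
        if (count($name_parts) > 1) {
            $domain = $name_parts[0];
        }
    }

    // Now get ldap connection info for that domain, if any.
    // $domain was read from the system table, whose content is supplied by
    // audited machines, so it is escaped as well before reuse in SQL.
    // NOTE(review): the AES key is concatenated unescaped on purpose, to match
    // whatever the encrypting statement sends - confirm against the write path.
    $aeskey = GetAesKey();
    $safe_domain = mysql_real_escape_string((string) $domain, $db);
    $sql = "SELECT ldap_connections_server as server, ldap_connections_nc as nc, "
         . "ldap_connections_fqdn as fqdn, ldap_connections_name as name, "
         . "AES_DECRYPT(`ldap_connections_user`,'" . $aeskey . "') as user, "
         . "AES_DECRYPT(`ldap_connections_password`,'" . $aeskey . "') as password "
         . "FROM ldap_connections "
         . "WHERE ldap_connections_fqdn = '" . $safe_domain . "' "
         . "OR ldap_connections_name = '" . $safe_domain . "'";
    $result = mysql_query($sql, $db);
    $ldap = ($result === false) ? false : mysql_fetch_array($result);

    $ldap_info = ($ldap === FALSE) ? FALSE : array_merge($system, $ldap);

    mysql_close($db);

    return $ldap_info;
}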
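/**
 * Build an XML document describing one stored LDAP connection.
 *
 * Sends a text/xml Content-type header, selects the ldap_connections row whose
 * id equals $_GET["ldap_connection_id"] (bind user and password decrypted by
 * MySQL with the key from GetAesKey()) and returns the server, user and
 * password wrapped in <connections><connection>...</connection></connections>.
 *
 * NOTE(review): the returned document carries the decrypted bind password in
 * clear text and nothing in this function checks who is asking. The caller has
 * to enforce authentication and authorisation before emitting it - confirm at
 * the call site.
 *
 * @param resource $db Open MySQL link used for the query.
 * @return string XML text; "<connections></connections>" when nothing matches.
 */
function GetLdapConnectionXml($db)
{
    header("Content-type: text/xml");

    $aes_key = GetAesKey();

    // The id comes straight from the request: escape it before it goes inside
    // the quoted SQL literal. A non-string value is treated as absent.
    $connection_id = (isset($_GET["ldap_connection_id"]) && is_string($_GET["ldap_connection_id"]))
        ? $_GET["ldap_connection_id"]
        : "";

    $sql = "SELECT ldap_connections_server, "
         . "AES_DECRYPT(ldap_connections_user,'" . $aes_key . "') AS ldap_user, "
         . "AES_DECRYPT(ldap_connections_password,'" . $aes_key . "') AS ldap_password "
         . "FROM ldap_connections "
         . "WHERE ldap_connections_id='" . mysql_real_escape_string($connection_id, $db) . "'";
    $result = mysql_query($sql, $db);

    // Stored values may contain XML metacharacters (a password with '&' or
    // '<' is ordinary), which would otherwise break or reshape the document.
    // '&' is replaced first so the entities produced for the other characters
    // are not escaped a second time.
    $xml_raw     = array("&", "<", ">", "\"", "'");
    $xml_escaped = array("&amp;", "&lt;", "&gt;", "&quot;", "&apos;");

    // Return results as xml
    $response = "<connections>";
    if ($result !== false) {
        while ($myrow = mysql_fetch_array($result)) {
            $server   = str_replace($xml_raw, $xml_escaped, (string) $myrow['ldap_connections_server']);
            $user     = str_replace($xml_raw, $xml_escaped, (string) $myrow['ldap_user']);
            $password = str_replace($xml_raw, $xml_escaped, (string) $myrow['ldap_password']);

            $response .= "<connection>";
            $response .= "<ldap_connection_server>" . $server . "</ldap_connection_server>";
            $response .= "<ldap_connection_user>" . $user . "</ldap_connection_user>";
            $response .= "<ldap_connection_password>" . $password . "</ldap_connection_password>";
            $response .= "</connection>";
        }
    }
    $response .= "</connections>";

    return $response;
}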
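/**
 * Load every stored LDAP connection, keyed by ldap_connections_id.
 *
 * Opens its own MySQL link from the global $mysql_* settings, has MySQL
 * decrypt the bind user and password with the key from GetAesKey(), and closes
 * the link before returning.
 *
 * @return array Map of connection id => array with the keys server, user,
 *               password, name, fqdn and nc. Empty when the table has no rows
 *               or the database cannot be reached. The user and password
 *               entries are clear text - keep them out of logs and debug output.
 */
function GetLdapConnectionsFromDb()
{
    global $mysql_server, $mysql_user, $mysql_password, $mysql_database;

    // Defined up front so that an empty table returns an empty array instead
    // of an undefined variable.
    $ldap_connections = array();

    $db = mysql_connect($mysql_server, $mysql_user, $mysql_password);
    if ($db === false) {
        return $ldap_connections;
    }
    if (!mysql_select_db($mysql_database, $db)) {
        mysql_close($db);
        return $ldap_connections;
    }

    // NOTE(review): the AES key is concatenated unescaped on purpose, to match
    // whatever the encrypting statement sends - confirm against the write path.
    $aes_key = GetAesKey();
    $sql = "SELECT ldap_connections_id,"
         . "AES_DECRYPT(ldap_connections_user,'" . $aes_key . "') AS ldap_user, "
         . "AES_DECRYPT(ldap_connections_password,'" . $aes_key . "') AS ldap_password, "
         . "ldap_connections_server, ldap_connections_fqdn, ldap_connections_name, "
         . "ldap_connections_nc FROM ldap_connections ";
    $result = mysql_query($sql, $db);

    if ($result !== false) {
        while ($myrow = mysql_fetch_array($result)) {
            $ldap_connections[$myrow["ldap_connections_id"]] = array(
                "server"   => $myrow["ldap_connections_server"],
                "user"     => $myrow["ldap_user"],
                "password" => $myrow["ldap_password"],
                "name"     => $myrow["ldap_connections_name"],
                "fqdn"     => $myrow["ldap_connections_fqdn"],
                "nc"       => $myrow["ldap_connections_nc"],
            );
        }
    }

    // Close the link opened above explicitly rather than "the last one opened".
    // NOTE(review): mysql_connect() returns an already-open link when called
    // again with the same arguments, so this close may affect a link other
    // code still holds - confirm no caller relies on a shared link afterwards.
    mysql_close($db);

    return $ldap_connections;
}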
// Tail of an upgrade step: write the rebuilt configuration text to
// include_config.php, re-encrypt the stored LDAP credentials under the key
// returned by GetAesKey(), then record the new version.
// ($content and $current_content are built earlier in the script, outside this excerpt.)
$content .= substr($current_content, 6);
if (is_writable("include_config.php")) {
    // NOTE(review): $filename is not assigned anywhere in the visible code; the
    // file actually opened is the literal "include_config.php" - confirm the
    // two error messages print the path that was intended.
    if (!($handle = fopen("include_config.php", 'w'))) {
        exit("Cannot open file ({$filename})");
    }
    if (fwrite($handle, $content) === FALSE) {
        exit("Cannot write to file ({$filename})");
    }
    echo __("The Open-AudIT config has been updated");
    fclose($handle);
} else {
    echo __("The file") . "include_config.php" . __("is not writable");
}
// Update encrypted LDAP data using new AES key function (GetAesKey)
// The previous key is whatever GetVolumeLabel('c') returns; the replacement
// key comes from GetAesKey().
// NOTE(review): presumably the old key is the volume label of drive C:, a value
// with little secrecy - confirm, and treat credentials stored under it as
// weakly protected until this re-keying has run.
$old_aes_key = GetVolumeLabel('c');
$aes_key = GetAesKey();
// The UPDATE has no WHERE clause, so every row of ldap_connections is
// re-encrypted in a single statement. Both keys are concatenated into the
// statement text and therefore appear wherever statements are logged.
// NOTE(review): this step is not safe to repeat. AES_DECRYPT() yields NULL (or
// garbage) when the data was not encrypted with the supplied key, and
// AES_ENCRYPT(NULL, ...) is NULL, so a second run - or a run where the old key
// is not the one the rows were written with - would overwrite the stored
// credentials. Back up ldap_connections before upgrading.
$sql = "UPDATE `ldap_connections` SET\r\n\t\t\t\t`ldap_connections_user` = AES_ENCRYPT(AES_DECRYPT(`ldap_connections_user`,'" . $old_aes_key . "'),'" . $aes_key . "'),\r\n\t\t\t\t`ldap_connections_password` = AES_ENCRYPT(AES_DECRYPT(`ldap_connections_password`,'" . $old_aes_key . "'),'" . $aes_key . "')";
// No link argument is given, so mysql_query() uses the most recently opened
// link. $result is not examined in the visible code: the version is bumped on
// the next line whether or not the re-encryption succeeded.
$result = mysql_query($sql);
modify_config("version", "09.03.17");
// *********************************************************************************************
set_time_limit(30);
?> <br />Upgrade complete. <br /><br /><a href="index.php" alt=""><?php echo __("Return to Index"); ?> </a> </body> </html> <?php