Пример #1
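/* Load the selected plugin: its main.inc is included into this scope and aborts the request when missing. */
/* NOTE(review): $plugin_dir and $plug are set outside this excerpt. The path is handed to require,
   so confirm both are resolved from the registered plugin list and never taken directly from
   request parameters. */
if (is_file("{$plugin_dir}/main.inc")) {
    /* Reset the output buffer variable before the include; presumably main.inc fills $display. */
    $display = "";
    require "{$plugin_dir}/main.inc";
} else {
    /* NOTE(review): the plugin name and path are interpolated into the dialog text; whether
       msg_dialog escapes them for HTML is not visible here — confirm. */
    msg_dialog::display(_("Plugin"), sprintf(_("Fatal error: Cannot find any plugin definitions for plugin '%s' ('%s' is not a file)!"), $plug, "{$plugin_dir}/main.inc"), FATAL_ERROR_DIALOG);
    exit;
}
/* Hand the queued dialogs, the plugin output and the session lifetime (default: two hours) to the template. */
$smarty->assign("msg_dialogs", msg_dialog::get_dialogs());
$smarty->assign("contents", $display);
$smarty->assign("sessionLifetime", $config->get_cfg_value("sessionLifetime", 60 * 60 * 2));
/* A non-empty POST without the 'php_c_check' marker is treated as an incomplete transfer
   (presumably truncated by a PHP input limit) and the request is aborted. */
if (isset($_POST) && count($_POST)) {
    if (!isset($_POST['php_c_check'])) {
        msg_dialog::display(_("Configuration Error"), sprintf(_("Fatal error: not all POST variables have been transfered by PHP - please inform your administrator!")), FATAL_ERROR_DIALOG);
        exit;
    }
}
/* Assign errors to smarty */
if (session::is_set('errors')) {
    $smarty->assign("errors", session::get('errors'));
}
if ($error_collector != "") {
    /* Literal placeholder substitution: str_replace() inserts the mailto text verbatim, whereas
       preg_replace() would interpret "$n" / "\n" sequences in it as back-references. */
    $smarty->assign("php_errors", str_replace("%BUGBODY%", $error_collector_mailto, $error_collector) . "</div>");
} else {
    $smarty->assign("php_errors", "");
}
/* Set focus to the error button if we've an error message */
$focus = "";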
if (session::is_set('errors') && session::get('errors') != "") {
Пример #2
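 /**
  * Log the user in through CAS and map the CAS identity to exactly one LDAP entry.
  *
  * Forces CAS authentication, searches the directory for an inetOrgPerson whose
  * login attribute(s) equal the CAS user name, and aborts with a fatal dialog
  * when zero or several entries match. On a unique match the user's ACLs are
  * loaded, the login steps are run and the request is redirected on success.
  */
 static function casLoginProcess()
 {
     global $config, $message, $ui;
     self::init();
     /* Reset error messages */
     $message = '';
     //~ phpCAS::setDebug();
     // Initialize phpCAS
     phpCAS::client(CAS_VERSION_2_0, $config->get_cfg_value('casHost', 'localhost'), (int) $config->get_cfg_value('casPort', 443), $config->get_cfg_value('casContext', ''));
     // Set the CA certificate that is the issuer of the CAS server's certificate.
     // NOTE(review): no default is given for 'casServerCaCertPath'; confirm the
     // option is always configured so that server validation really takes place.
     phpCAS::setCasServerCACert($config->get_cfg_value('casServerCaCertPath'));
     // Leave server validation enabled: with the call below active, the identity
     // of the CAS server would no longer be verified.
     //~ phpCAS::setNoCasServerValidation();
     // force CAS authentication
     phpCAS::forceAuthentication();
     self::$username = phpCAS::getUser();
     $ldap = $config->get_ldap_link();
     $ldap->cd($config->current['BASE']);
     $verify_attr = explode(',', $config->get_cfg_value('loginAttribute', 'uid'));
     // The user name is supplied by an external system, so escape LDAP filter
     // metacharacters ( * ( ) \ NUL ) before it is placed in the search filter;
     // otherwise a crafted name could change which entries the filter matches.
     $escaped_username = ldap_escape(self::$username, '', LDAP_ESCAPE_FILTER);
     $filter = '';
     foreach ($verify_attr as $attr) {
         // Attribute names come from the configuration and are used as-is.
         $filter .= '(' . $attr . '=' . $escaped_username . ')';
     }
     $ldap->search('(&(|' . $filter . ')(objectClass=inetOrgPerson))');
     $attrs = $ldap->fetch();
     // Exactly one entry must match; anything else is refused rather than guessed.
     if ($ldap->count() < 1) {
         msg_dialog::display(_('Error'), sprintf(_('CAS user "%s" could not be found in the LDAP'), self::$username), FATAL_ERROR_DIALOG);
         exit;
     } elseif ($ldap->count() > 1) {
         msg_dialog::display(_('Error'), sprintf(_('CAS user "%s" match several users in the LDAP'), self::$username), FATAL_ERROR_DIALOG);
         exit;
     }
     $ui = new userinfo($config, $attrs['dn']);
     $ui->loadACL();
     $success = self::runSteps(array('loginAndCheckExpired', 'runSchemaCheck', 'checkForLockingBranch'));
     if ($success) {
         /* Everything went well, redirect to main.php */
         self::redirect();
     }
 }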
Пример #3
    exit;
}
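/* Restore the user object and configuration from the session. */
$ui = session::get('ui');
$config = session::get('config');
/* Check ACL's */
/* The DN arrives base64-encoded in the query string. Base64 is only a transport encoding:
   the value is still client-controlled, and the permission check below is the actual guard. */
$dn = "";
/* Initialised so the permission lookup never receives an undefined variable when neither
   'n' nor 'dn' is supplied. */
$acl_dn = "";
if (isset($_GET['n'])) {
    $dn = base64_decode($_GET['n']);
    /* 'd' is optional here; a missing value contributes an empty prefix instead of raising a notice. */
    $acl_dn = (isset($_GET['d']) ? base64_decode($_GET['d']) : "") . $dn;
} elseif (isset($_GET['dn'])) {
    $dn = base64_decode($_GET['dn']);
    $acl_dn = $dn;
}
/* NOTE(review): in the 'n' branch the ACL is evaluated on 'd' + 'n' while $dn holds 'n' only;
   confirm the export that follows operates on the DN that was authorised here. */
$acl = $ui->get_permissions($acl_dn, "ldapmanager/ldif");
/* Exporting requires the read flag ("r") in the returned permission string. */
if (!preg_match("/r/", $acl)) {
    msg_dialog::display(_("Permission error"), _("You have no permission to do LDAP exports!"), FATAL_ERROR_DIALOG);
    exit;
}
/* The export contains directory data, so mark the response as already expired and not cacheable. */
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache");
header("Pragma: no-cache");
/* header() replaces an earlier header of the same name by default, which would drop
   "no-cache" again; passing false appends this value as an additional header instead. */
header("Cache-Control: post-check=0, pre-check=0", false);
header("Content-type: text/plain");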
switch ($_GET['ivbb']) {
    case 2:
        dump_ldap(2);
        break;
    case 3:
        dump_ldap(3);
        break;
Пример #4
     $tls = $config->get_cfg_value("ldapTLS") == "TRUE";
     if (!count($ldap->get_objectclasses())) {
         msg_dialog::display(_("LDAP error"), _("Cannot detect information about the installed LDAP schema!"), ERROR_DIALOG);
         displayLogin();
         exit;
     } else {
         $cfg = array();
         $cfg['admin'] = $config->current['ADMINDN'];
         $cfg['password'] = $config->current['ADMINPASSWORD'];
         $cfg['connection'] = $config->current['SERVER'];
         $cfg['tls'] = $tls;
         $str = check_schema($cfg);
         $checkarr = array();
         foreach ($str as $tr) {
             if (isset($tr['IS_MUST_HAVE']) && !$tr['STATUS']) {
                 msg_dialog::display(_("LDAP error"), _("Your LDAP setup contains old schema definitions:") . "<br><br><i>" . $tr['MSG'] . "</i>", ERROR_DIALOG);
                 displayLogin();
                 exit;
             }
         }
     }
 }
 /* Check for locking area */
 /* Look up the lock container (lockRDN + fusiondirectoryRDN + base DN), requesting only its dn. */
 $ldap->cat(get_ou('lockRDN') . get_ou('fusiondirectoryRDN') . $config->current['BASE'], array('dn'));
 $attrs = $ldap->fetch();
 /* An empty result is taken to mean the container does not exist yet: switch to the base DN
    and create the missing branch. */
 if (!count($attrs)) {
     $ldap->cd($config->current['BASE']);
     $ldap->create_missing_trees(get_ou('lockRDN') . get_ou('fusiondirectoryRDN') . $config->current['BASE']);
 }
 /* Check for valid input */
 /* Only surrounding whitespace is stripped here. */
 /* NOTE(review): character validation of the login name is not part of this excerpt — confirm
    it happens before the value is used in an LDAP filter or written to a log. */
 $username = trim($_POST['username']);
Пример #5
        $ssl = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    }
}
/* If SSL is forced, just forward to the SSL enabled site */
/* NOTE(review): $ssl is assembled just above from the request's Host header and request URI.
   The Host header is client-supplied, so confirm the web server only accepts the expected
   virtual host, or build the redirect target from a configured host name instead. */
if ($config->get_cfg_value("core", "forceSSL") == 'true' && $ssl != '') {
    header("Location: {$ssl}");
    exit;
}
/* Check for selected password method */
/* The configured default hash applies unless the request names a method; a requested method
   is accepted only if it is a key of the list returned by get_available_methods()
   (allow-list check), otherwise the request is aborted. */
$method = $config->get_cfg_value("core", "passwordDefaultHash");
if (isset($_GET['method'])) {
    $method = validate($_GET['method']);
    $tmp = new passwordMethod($config, "dummy");
    $available = $tmp->get_available_methods();
    if (!isset($available[$method])) {
        msg_dialog::display(_("Password method"), _("Error: Password method not available!"), FATAL_ERROR_DIALOG);
        exit;
    }
}
/* Check for selected user... */
/* A uid passed in the URL hides the user name field of the form; a posted or absent uid shows it. */
/* NOTE(review): the GET value goes through validate() and the POST value through get_post();
   neither helper is visible here — confirm both leave $uid safe for the LDAP lookup and the
   HTML form it is presumably used in. */
if (isset($_GET['uid']) && $_GET['uid'] != "") {
    $uid = validate($_GET['uid']);
    $smarty->assign('display_username', false);
} elseif (isset($_POST['uid'])) {
    $uid = get_post('uid');
    $smarty->assign('display_username', true);
} else {
    $uid = "";
    $smarty->assign('display_username', true);
}
/* Start with an empty current password. */
$current_password = "";
Пример #6
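/* Load the selected plugin: its main.inc is included into this scope and aborts the request when missing. */
/* NOTE(review): $plugin_dir and $plug are set outside this excerpt. The path is handed to require,
   so confirm both are resolved from the registered plugin list and never taken directly from
   request parameters. */
if (is_file("{$plugin_dir}/main.inc")) {
    /* Reset the output buffer variable before the include; presumably main.inc fills $display. */
    $display = "";
    require "{$plugin_dir}/main.inc";
} else {
    msg_dialog::display(_("Plug-in"), sprintf(_("Fatal error: Cannot find any plugin definitions for plugin %s!"), bold($plug)), FATAL_ERROR_DIALOG);
    exit;
}
/* Hand the queued dialogs, the path menu, the plugin output and the session lifetime to the template. */
$smarty->assign("msg_dialogs", msg_dialog::get_dialogs());
$smarty->assign("pathMenu", $plist->genPathMenu());
$smarty->assign("contents", $display);
$smarty->assign("sessionLifetime", $config->get_cfg_value('core', 'sessionLifetime'));
/* A non-empty POST without the 'php_c_check' marker is treated as an incomplete transfer
   (presumably truncated by a PHP input limit): warn and send the user back to the main menu. */
if (isset($_POST) && count($_POST)) {
    if (!isset($_POST['php_c_check'])) {
        msg_dialog::display(_("Warning"), _("Not all POST variables have been transfered by PHP - Returning to main menu!"), INFO_DIALOG);
        header("Location: main.php");
        exit;
    }
}
/* Assign errors to smarty */
if (session::is_set('errors')) {
    $smarty->assign("errors", session::get('errors'));
}
if ($error_collector != "") {
    /* Literal placeholder substitution: str_replace() inserts the mailto text verbatim, whereas
       preg_replace() would interpret "$n" / "\n" sequences in it as back-references. */
    $smarty->assign("php_errors", str_replace("%BUGBODY%", $error_collector_mailto, $error_collector) . "</div>");
} else {
    $smarty->assign("php_errors", "");
}
/* Set focus to the error button if we've an error message */
$focus = "";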
Пример #7
/* Open the session, switch on debug level 1 and start from a clean error state. */
session::start();
session::global_set('debugLevel', 1);
session::set('errorsAlreadyPosted', array());
session::set('errors', "");
session::set('errorsAlreadyPosted', array());
session::set('LastError', "");
/* Template compile directory: prefer the spool directory; if that is unusable, fall back to
   the script's own path with everything from "/html/" onwards removed. */
$smarty->compile_dir = "/var/spool/gosa/";
if ((!is_dir($smarty->compile_dir) || !is_writable($smarty->compile_dir)) && isset($_SERVER['SCRIPT_FILENAME'])) {
    $smarty->compile_dir = preg_replace("#/html/.*\$#", "", $_SERVER['SCRIPT_FILENAME']);
}
/* Without a writable compile directory no template can be rendered, so stop here.
   The message always names the spool directory, even when the fallback path was tried. */
if (!is_dir($smarty->compile_dir) || !is_writable($smarty->compile_dir)) {
    msg_dialog::display(_("Smarty"), sprintf(_("Compile directory %s is not accessible!"), bold('/var/spool/gosa/')), FATAL_ERROR_DIALOG);
    exit;
}
/* Language: seed the session from the browser once, then let a posted selection override it
   (an empty selection resets to the browser language). */
/* NOTE(review): the posted value is stored in the session exactly as received — confirm that
   whatever consumes 'lang' validates it before using it as a locale or in a path. */
if (!session::global_is_set('lang')) {
    session::global_set('lang', get_browser_language());
}
if (isset($_POST['lang_selected'])) {
    session::global_set('lang', $_POST['lang_selected'] != "" ? $_POST['lang_selected'] : get_browser_language());
}
/* Check for js */
if (!isset($_GET['js']) && !session::global_is_set('js')) {
Пример #8
/* Keep the session cookie and the server-side session data for one day (86400 seconds). */
/* NOTE(review): only the lifetime is passed, so the cookie's secure and httponly flags are
   whatever php.ini sets (session.cookie_secure, session.cookie_httponly) — confirm both are
   enabled for this deployment. */
session_set_cookie_params(86400);
/* Cache expiry is given in minutes (1440 = one day); PHP's default is 180. */
session_cache_expire(1440);
ini_set("session.gc_maxlifetime", 86400);
/* Open the session with debugging off and a clean error state. */
session::start();
session::global_set('DEBUGLEVEL', 0);
session::set('errorsAlreadyPosted', array());
reset_errors();
/* Compiled templates go to the spool directory; abort if it is missing or not writable. */
$smarty->compile_dir = SPOOL_DIR;
if (!is_dir($smarty->compile_dir) || !is_writable($smarty->compile_dir)) {
    msg_dialog::display(_("Smarty"), sprintf(_("Directory '%s' specified as compile directory is not accessible!"), $smarty->compile_dir), FATAL_ERROR_DIALOG);
    exit;
}
/* Language: a non-empty posted selection wins, otherwise the browser's preference is used. */
/* NOTE(review): the posted value reaches initLanguage() and language_is_rtl() with no check
   other than the suffix test below — confirm those helpers reject unexpected locale strings. */
if (!isset($_POST['lang_selected']) || $_POST['lang_selected'] == "") {
    $lang = get_browser_language();
} else {
    $lang = $_POST['lang_selected'];
    /* Append .UTF-8 unless the string already ends in "utf-8" (case-insensitive; the hyphen is
       required by the pattern, so a trailing "utf8" still gets the suffix). */
    if (!preg_match("/utf(-)8\$/i", $lang)) {
        $lang = $lang . ".UTF-8";
    }
}
initLanguage($lang);
/* Template globals: text direction flag and the marker shown next to mandatory fields. */
$smarty->assign("rtl", language_is_rtl($lang));
$smarty->assign("must", '<span class="must">*</span>');
Пример #9
     $username = get_post("username");
     if (!preg_match("/^[@A-Za-z0-9_.-]+\$/", $username)) {
         $message = _("Please specify a valid user name!");
         $ok = false;
     } elseif (mb_strlen(get_post("password"), 'UTF-8') == 0) {
         $message = _("Please specify your password!");
         $smarty->assign('nextfield', 'password');
         $ok = false;
     }
 }
 if ($ok) {
     /* Login as user, initialize user ACL's */
     if ($htaccess_authenticated) {
         $ui = ldap_login_user_htaccess($username);
         if ($ui === NULL || !$ui) {
             msg_dialog::display(_("Authentication error"), _("Cannot retrieve user information for HTTP authentication!"), FATAL_ERROR_DIALOG);
             exit;
         }
     } else {
         $ui = ldap_login_user($username, get_post("password"));
     }
     if ($ui === NULL || !$ui) {
         $message = _("Please check the username/password combination!");
         $smarty->assign('nextfield', 'password');
         session::global_set('config', $config);
         new log("security", "login", "", array(), "Authentication failed for a user");
     } else {
         /* Remove all locks of this user */
         del_user_locks($ui->dn);
         /* Save userinfo and plugin structure */
         session::global_set('ui', $ui);