* [ADD] Added TLS option for LDAP connection. Closes #936

Signed-off-by: nuxsmin <nuxsmin@syspass.org>
nuxsmin
2018-09-09 23:55:48 +02:00
parent 18c750bd25
commit febc796e34
5 changed files with 111 additions and 16 deletions


@@ -72,6 +72,7 @@ final class ConfigLdapController extends SimpleControllerBase
if ($ldapEnabled) {
$configData->setLdapEnabled(true);
$configData->setLdapAds($ldapParams->isAds());
$configData->setLdapTlsEnabled($ldapParams->isTlsEnabled());
$configData->setLdapServer($ldapParams->getServer());
$configData->setLdapBase($ldapParams->getSearchBase());
$configData->setLdapGroup($ldapParams->getGroup());
@@ -121,7 +122,8 @@ final class ConfigLdapController extends SimpleControllerBase
->setGroup($this->request->analyzeString('ldap_group'))
->setBindDn($this->request->analyzeString('ldap_binduser'))
->setBindPass($this->request->analyzeEncrypted('ldap_bindpass'))
->setAds($this->request->analyzeBool('ldap_ads_enabled', false));
->setAds($this->request->analyzeBool('ldap_ads_enabled', false))
->setTlsEnabled($this->request->analyzeBool('ldap_tls_enabled', false));
}
/**
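Review bot: The builder at the end of the second hunk accepts `ldap_tls_enabled` without checking it against the server value set earlier in the same chain, and the connection code in this commit implements the flag with `ldap_start_tls()`, which cannot be layered on a session that is already TLS. If the server field can hold an `ldaps://` URI, an admin who ticks TLS for such a server gets a connection that fails only at runtime; the controller should reject or warn on that combination when it saves, e.g. `if ($ldapParams->isTlsEnabled() && stripos($ldapParams->getServer(), 'ldaps://') === 0) { throw new ValidationException(__u('TLS no es compatible con ldaps://')); }` — exception class to be whichever the controller already uses. Note also that `analyzeBool(..., false)` means any request that omits the field silently turns TLS off, which is the expected checkbox semantics but worth an event entry when the stored value flips from true to false. The enclosing methods of both hunks start and end outside the hunk.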


@@ -66,6 +66,23 @@
</span>
</li>
<li class="mdl-list__item mdl-list__item--two-line">
<div class="mdl-switch__box">
<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect" for="ldap_tls_enabled">
<input type="checkbox" id="ldap_tls_enabled"
class="mdl-switch__input"
name="ldap_tls_enabled" <?php echo $configData->isLdapTlsEnabled() ? 'checked' : ''; ?>/>
</label>
</div>
<span class="mdl-list__item-primary-content">
<span><?php echo __('TLS'); ?></span>
<span class="mdl-list__item-sub-title">
<?php echo __('Habilita la conexión mediante TLS.'); ?>
</span>
</span>
</li>
</ul>
</td>
</tr>
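Review bot: The help text on the new switch says only "TLS", but the mechanism this commit wires up is STARTTLS on the existing LDAP port (`ldap_start_tls()` in LdapConnection), not an `ldaps://` listener, and admins routinely confuse the two. The sub-title should say so, e.g. `Habilita STARTTLS sobre la conexión LDAP (no usar junto con ldaps://).`, and ideally mention that certificate verification follows the libldap client configuration on the syspass host.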


@@ -389,6 +389,10 @@ final class ConfigData implements JsonSerializable
* @var int
*/
private $accountExpireTime = 10368000;
/**
* @var bool
*/
private $ldapTlsEnabled = false;
/**
* @return array
@@ -2145,4 +2149,20 @@ final class ConfigData implements JsonSerializable
return $this;
}
/**
* @return bool
*/
public function isLdapTlsEnabled(): bool
{
return (bool)$this->ldapTlsEnabled;
}
/**
* @param bool $ldapTlsEnabled
*/
public function setLdapTlsEnabled(bool $ldapTlsEnabled)
{
$this->ldapTlsEnabled = (int)$ldapTlsEnabled;
}
}
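Review bot: `setLdapTlsEnabled()` stores `(int)$ldapTlsEnabled` into a property documented as `@var bool`, and unlike the setter just above it (which ends with `return $this;`) it returns nothing, so it breaks the fluent chain the rest of ConfigData appears to use. If the int form is intentional for serialisation, change the annotation to `@var int` so static analysis matches what is stored; either way add `@return $this` and `return $this;` at the end of the setter. The getter's `(bool)` cast is then the single place where the stored form is normalised, which is fine but deserves a one-line comment saying why.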


@@ -57,6 +57,10 @@ final class LdapConnection implements LdapConnectionInterface
* @var bool
*/
private $isBound = false;
/**
* @var bool
*/
private $isTls;
/**
* @var bool
*/
@@ -132,7 +136,7 @@ final class LdapConnection implements LdapConnectionInterface
// Conexión al servidor LDAP
if (!is_resource($this->ldapHandler)) {
$this->eventDispatcher->notifyEvent('ldap.connection',
$this->eventDispatcher->notifyEvent('ldap.connect',
new Event($this, EventMessage::factory()
->addDescription(__u('No es posible conectar con el servidor de LDAP'))
->addDetail(__u('Servidor'), $this->ldapParams->getServer()))
@@ -144,6 +148,8 @@ final class LdapConnection implements LdapConnectionInterface
@ldap_set_option($this->ldapHandler, LDAP_OPT_NETWORK_TIMEOUT, self::TIMEOUT);
@ldap_set_option($this->ldapHandler, LDAP_OPT_PROTOCOL_VERSION, 3);
$this->isTls = $this->connectTls();
return true;
}
@@ -160,13 +166,51 @@ final class LdapConnection implements LdapConnectionInterface
) {
$this->eventDispatcher->notifyEvent('ldap.check.params',
new Event($this, EventMessage::factory()
->addDescription(__u('Los parámetros de LDAP no están configurados')))
);
->addDescription(__u('Los parámetros de LDAP no están configurados'))));
throw new LdapException(__u('Los parámetros de LDAP no están configurados'));
}
}
/**
* Connect through TLS
*
* @throws LdapException
*/
private function connectTls(): bool
{
if ($this->ldapParams->isTlsEnabled()) {
$result = @ldap_start_tls($this->ldapHandler);
if ($result === false) {
$this->eventDispatcher->notifyEvent('ldap.connect.tls',
new Event($this, EventMessage::factory()
->addDescription(__u('No es posible conectar con el servidor de LDAP'))
->addDetail(__u('Servidor'), $this->ldapParams->getServer())
->addDetail(__u('TLS'), __u('ON'))
->addDetail(__u('LDAP ERROR'), self::getLdapErrorMessage($this->ldapHandler))));
throw new LdapException(__u('No es posible conectar con el servidor de LDAP'));
}
return true;
}
return false;
}
/**
* Registrar error de LDAP y devolver el mensaje de error
*
* @param $ldapHandler
*
* @return string
*/
public static function getLdapErrorMessage($ldapHandler)
{
return sprintf('%s (%d)', ldap_error($ldapHandler), ldap_errno($ldapHandler));
}
/**
* Realizar la autentificación con el servidor de LDAP.
*
@@ -200,18 +244,6 @@ final class LdapConnection implements LdapConnectionInterface
return true;
}
/**
* Registrar error de LDAP y devolver el mensaje de error
*
* @param $ldapHandler
*
* @return string
*/
public static function getLdapErrorMessage($ldapHandler)
{
return sprintf('%s (%d)', ldap_error($ldapHandler), ldap_errno($ldapHandler));
}
/**
* @return int
*/
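Review bot: `connectTls()` starts TLS but sets no TLS options on the handle, so whether the server certificate is verified at all is inherited from the host's libldap configuration (`TLS_REQCERT` in ldap.conf / `LDAPTLS_REQCERT`), which an operator can have relaxed to `never` or `allow` for an unrelated tool; an enabled-TLS setting should fail closed rather than depend on that. Set the verification level explicitly before the `ldap_start_tls()` call, `@ldap_set_option($this->ldapHandler, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);`, and treat a false return the same way the start-TLS failure is treated (the constants are available in the PHP versions that ship `ldap_start_tls`, but confirm against the project's minimum version). Two smaller points: `$this->isTls` is assigned at the end of the connect hunk but nothing in this diff reads it, and the bind that must happen after `connectTls()` to keep the bind DN and password off the wire in clear is outside the hunk, so its ordering should be checked separately. The method containing the connect hunk begins before the hunk.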


@@ -61,6 +61,10 @@ final class LdapParams
* @var bool
*/
protected $ads;
/**
* @var bool
*/
protected $tlsEnabled;
/**
* Devolver el puerto del servidor si está establecido
@@ -210,4 +214,24 @@ final class LdapParams
return $this;
}
/**
* @return bool
*/
public function isTlsEnabled(): bool
{
return $this->tlsEnabled;
}
/**
* @param bool $tlsEnabled
*
* @return LdapParams
*/
public function setTlsEnabled(bool $tlsEnabled)
{
$this->tlsEnabled = $tlsEnabled;
return $this;
}
}
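Review bot: `isTlsEnabled()` is declared `: bool` but returns `$this->tlsEnabled`, and the property is added with no default, so any LdapParams instance on which `setTlsEnabled()` was never called makes the getter throw a TypeError (null returned for a bool return type) — and LdapConnection now calls it on every connect. The controller in this commit always sets it, but the code path that builds LdapParams from the saved ConfigData for user login is not in this diff and may not. Initialise the property, `protected $tlsEnabled = false;`, so the flag is safely off by default rather than a crash.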