FIX: now the variables accept BASEDN and UID options for LDAP Configu…

…ration. These are required, however, there is also a more specific Description to assist the users

src/inc/Login.class.php

@@ -15,13 +15,13 @@ class Login {
   private $valid = false;
   /** @var Session $session */
   private $session = null;
-  
+
   private static $instance = null;
-  
+
   public function setUser($user) {
     $this->user = $user;
   }
-  
+
   /**
    * Get an instance of the Login class
    * @return Login
@@ -32,7 +32,7 @@ public static function getInstance() {
     }
     return self::$instance;
   }
-  
+
   /**
    * Creates a Login-Instance and checks automatically if there is a session
    * running. It updates the session lifetime again up to the session limit.
@@ -62,14 +62,14 @@ private function __construct() {
       }
     }
   }
-  
+
   /**
    * Returns true if the user currently is loggedin with a valid session
    */
   public function isLoggedin() {
     return $this->valid;
   }
-  
+
   /**
    * Logs the current user out and closes his session
    */
@@ -80,7 +80,7 @@ public function logout() {
     $this->valid = false;
     setcookie("session", false, time() - 600);
   }
-  
+
   /**
    * Returns the uID of the currently logged in user, if the user is not logged
    * in, the uID will be -1
@@ -91,14 +91,14 @@ public function getUserID() {
     }
     return $this->user->getId();
   }
-  
+
   public function getUser() {
     if (!$this->valid) {
       return null;
     }
     return $this->user;
   }
-  
+
   /**
    * Executes a login with given username and password (plain)
    *
@@ -113,24 +113,25 @@ public function login($username, $password, $otp = NULL) {
       return false;
     }
     $filter = new QueryFilter(User::USERNAME, $username, "=");
-    
+
     $check = Factory::getUserFactory()->filter([Factory::FILTER => $filter]);
     if ($check === null || sizeof($check) == 0) {
       return false;
     }
     $user = $check[0];
-    
+
     if ($user->getIsValid() != 1) {
       return false;
     }
     else if ($user->getIsLDAP() == 1) {
-      $domain = SConfig::getInstance()->getVal(DConfig::LDAP_DOMAIN);
+      $basedn = SConfig::getInstance()->getVal(DConfig::LDAP_BASEDN);
+      $uid = SConfig::getInstance()->getVal(DConfig::LDAP_UID);
       $ldap_conn = ldap_connect(SConfig::getInstance()->getVal(DConfig::LDAP_SERVER));
       $ldapbind=false;
       if(ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3))
          if(ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0))
             if(ldap_start_tls($ldap_conn))
-              $ldapbind = @ldap_bind($ldap_conn, $username."@".$domain, $password);
+              $ldapbind = @ldap_bind($ldap_conn, $uid."=".$username.",".$basedn, $password);
       ldap_close($ldap_conn);
       if (!$ldapbind) {
         Util::createLogEntry(DLogEntryIssuer::USER, $user->getId(), DLogEntry::WARN, "Failed LDAP login attempt due to wrong password!");
@@ -141,23 +142,23 @@ public function login($username, $password, $otp = NULL) {
     }
     else if (!Encryption::passwordVerify($password, $user->getPasswordSalt(), $user->getPasswordHash())) {
       Util::createLogEntry(DLogEntryIssuer::USER, $user->getId(), DLogEntry::WARN, "Failed login attempt due to wrong password!");
-      
+
       $payload = new DataSet(array(DPayloadKeys::USER => $user));
       NotificationHandler::checkNotifications(DNotificationType::USER_LOGIN_FAILED, $payload);
       return false;
     }
     $this->user = $user;
     /****** End check password ******/
-    
+
     /***** Check Yubikey *****/
     if ($user->getYubikey() == true && Util::isYubikeyEnabled() && sizeof(SConfig::getInstance()->getVal(DConfig::YUBIKEY_ID)) != 0 && sizeof(SConfig::getInstance()->getVal(DConfig::YUBIKEY_KEY) != 0)) {
       $keyId = substr($otp, 0, 12);
-      
+
       if (strtoupper($user->getOtp1()) != strtoupper($keyId) && strtoupper($user->getOtp2()) != strtoupper($keyId) && strtoupper($user->getOtp3()) != strtoupper($keyId) && strtoupper($user->getOtp4()) != strtoupper($keyId)) {
         Util::createLogEntry(DLogEntryIssuer::USER, $user->getId(), DLogEntry::WARN, "Failed Yubikey login attempt due to wrong keyId!");
         return false;
       }
-      
+
       $useHttps = true;
       $urlOTP = SConfig::getInstance()->getVal(DConfig::YUBIKEY_URL);
       if (!empty($urlOTP) && $_url = parse_url($urlOTP)) {
@@ -170,14 +171,14 @@ public function login($username, $password, $otp = NULL) {
         }
         $urlPart .= $_url['path'];
       }
-      
+
       $yubi = new Auth_Yubico(SConfig::getInstance()->getVal(DConfig::YUBIKEY_ID), SConfig::getInstance()->getVal(DConfig::YUBIKEY_KEY), $useHttps, true);
-      
+
       if (!empty($urlPart)) {
         $yubi->addURLpart($urlPart);
       }
       $auth = $yubi->verify($otp);
-      
+
       if (PEAR::isError($auth)) {
         Util::createLogEntry(DLogEntryIssuer::USER, $user->getId(), DLogEntry::WARN, "Failed login attempt due to wrong Yubikey OTP!");
         return false;
@@ -187,9 +188,9 @@ public function login($username, $password, $otp = NULL) {
       return false;
     }
     /****** End check Yubikey ******/
-    
+
     // At this point the user is authenticated successfully, so the session can be created.
-    
+
     /****** Create session ******/
     $startTime = time();
     $session = new Session(null, $this->user->getId(), $startTime, $startTime, 1, $this->user->getSessionLifetime(), "");
@@ -200,7 +201,7 @@ public function login($username, $password, $otp = NULL) {
     $sessionKey = Encryption::sessionHash($session->getId(), $startTime, $user->getEmail());
     Factory::getSessionFactory()->set($session, Session::SESSION_KEY, $sessionKey);
     Factory::getUserFactory()->set($this->user, User::LAST_LOGIN_DATE, time());
-    
+
     $this->valid = true;
     Util::createLogEntry(DLogEntryIssuer::USER, $user->getId(), DLogEntry::INFO, "Successful login!");
     setcookie("session", "$sessionKey", time() + $this->user->getSessionLifetime(), "", "", false, true);

src/inc/defines/config.php

@@ -11,13 +11,13 @@ class DConfigType {
 class DConfigAction {
   const UPDATE_CONFIG      = "updateConfig";
   const UPDATE_CONFIG_PERM = DAccessControl::SERVER_CONFIG_ACCESS;
-  
+
   const REBUILD_CACHE      = "rebuildCache";
   const REBUILD_CACHE_PERM = DAccessControl::SERVER_CONFIG_ACCESS;
-  
+
   const RESCAN_FILES      = "rescanFiles";
   const RESCAN_FILES_PERM = DAccessControl::SERVER_CONFIG_ACCESS;
-  
+
   const CLEAR_ALL      = "clearAll";
   const CLEAR_ALL_PERM = DAccessControl::SERVER_CONFIG_ACCESS;
 }
@@ -54,16 +54,17 @@ class DConfig {
   const HASHCAT_BRAIN_PASS     = "hashcatBrainPass";
   const HASHLIST_IMPORT_CHECK  = "hashlistImportCheck";
   const HC_ERROR_IGNORE        = "hcErrorIgnore";
-  
+
   // Section: Yubikey
   const YUBIKEY_ID  = "yubikey_id";
   const YUBIKEY_KEY = "yubikey_key";
   const YUBIKEY_URL = "yubikey_url";
 
   // Section: LDAP
   const LDAP_SERVER = "ldap_server";
-  const LDAP_DOMAIN = "ldap_domain";  
-
+  const LDAP_BASEDN = "ldap_basedn";
+  const LDAP_UID = "ldap_uid";
+
   // Section: Finetuning
   const HASHES_PAGE_SIZE           = "pagingSize";
   const NUMBER_LOGENTRIES          = "numLogEntries";
@@ -72,7 +73,7 @@ class DConfig {
   const HASH_MAX_LENGTH            = "hashMaxLength";
   const MAX_HASHLIST_SIZE          = "maxHashlistSize";
   const UAPI_SEND_TASK_IS_COMPLETE = "uApiSendTaskIsComplete";
-  
+
   // Section: UI
   const TIME_FORMAT            = "timefmt";
   const DONATE_OFF             = "donateOff";
@@ -87,7 +88,7 @@ class DConfig {
   const AGENT_TEMP_THRESHOLD_2 = "agentTempThreshold2";
   const AGENT_UTIL_THRESHOLD_1 = "agentUtilThreshold1";
   const AGENT_UTIL_THRESHOLD_2 = "agentUtilThreshold2";
-  
+
   // Section: Server
   const BASE_URL          = "baseUrl";
   const BASE_HOST         = "baseHost";
@@ -98,20 +99,20 @@ class DConfig {
   const S_NAME            = "jeSuisHashtopussy";
   const SERVER_LOG_LEVEL  = "serverLogLevel";
   const ALLOW_DEREGISTER  = "allowDeregister";
-  
+
   // Section: Multicast
   const MULTICAST_ENABLE    = "multicastEnable";
   const MULTICAST_DEVICE    = "multicastDevice";
   const MULTICAST_TR_ENABLE = "multicastTransferRateEnable";
   const MULTICAST_TR        = "multicastTranserRate";
-  
+
   // Section: Notifications
   const NOTIFICATIONS_PROXY_ENABLE = "notificationsProxyEnable";
   const TELEGRAM_BOT_TOKEN         = "telegramBotToken";
   const NOTIFICATIONS_PROXY_SERVER = "notificationsProxyServer";
   const NOTIFICATIONS_PROXY_PORT   = "notificationsProxyPort";
   const NOTIFICATIONS_PROXY_TYPE   = "notificationsProxyType";
-  
+
   static function getConstants() {
     try {
       $oClass = new ReflectionClass(__CLASS__);
@@ -121,7 +122,7 @@ static function getConstants() {
     }
     return $oClass->getConstants();
   }
-  
+
   /**
    * Gives the selection for the configuration values which are selections.
    * @param string $config
@@ -150,7 +151,7 @@ public static function getSelection($config) {
     }
     return new DataSet(["Not found!"]);
   }
-  
+
   /**
    * Gives the format which a config input should have. Default is string if it's not a known config.
    * @param $config string
@@ -279,7 +280,7 @@ public static function getConfigType($config) {
     }
     return DConfigType::STRING_INPUT;
   }
-  
+
   /**
    * @param $config string
    * @return string
@@ -321,9 +322,11 @@ public static function getConfigDescription($config) {
       case DConfig::YUBIKEY_URL:
         return "Yubikey API URL.";
       case DConfig::LDAP_SERVER:
-        return "LDAP Server.";
-      case DConfig::LDAP_DOMAIN:
-        return "LDAP Domain.";
+        return "LDAP Server. ldap://example.com:389, ldaps://example.com:636";
+      case DConfig::LDAP_BASEDN:
+        return "LDAP BaseDN. cn=users,cn=accounts,dc=example,dc=com";
+      case DConfig::LDAP_UID:
+        return "LDAP UID. User identifier. Commonly uid or cn.";
       case DConfig::BASE_HOST:
         return "Base hostname/port/protocol to use. Only fill this in to override the auto-determined value.";
       case DConfig::DONATE_OFF:

src/install/hashtopolis.sql

@@ -172,7 +172,8 @@ INSERT INTO `Config` (`configId`, `configSectionId`, `item`, `value`) VALUES
   (76, 3, 'uApiSendTaskIsComplete', '0'),
   (77, 1, 'hcErrorIgnore', 'DeviceGetFanSpeed'),
   (78, 8, 'ldap_server', ''),
-  (79, 8, 'ldap_domain', '');
+  (79, 8, 'ldap_basedn', ''),
+  (80, 8, 'ldap_uid', '');
 
 
 CREATE TABLE `ConfigSection` (
@@ -761,7 +762,7 @@ CREATE TABLE `TaskDebugOutput` (
   `taskId`            INT(11)      NOT NULL,
   `output`            VARCHAR(256) NOT NULL
 ) ENGINE=InnoDB;
- 
+
 CREATE TABLE `TaskWrapper` (
   `taskWrapperId`   INT(11)      NOT NULL,
   `priority`        INT(11)      NOT NULL,
@@ -971,10 +972,10 @@ ALTER TABLE `HashlistHashlist`
 ALTER TABLE `HashType`
   ADD PRIMARY KEY (`hashTypeId`);
 
-ALTER TABLE `HealthCheck` 
+ALTER TABLE `HealthCheck`
   ADD PRIMARY KEY (`healthCheckId`);
 
-ALTER TABLE `HealthCheckAgent` 
+ALTER TABLE `HealthCheckAgent`
   ADD PRIMARY KEY (`healthCheckAgentId`);
 
 ALTER TABLE `LogEntry`
@@ -1119,10 +1120,10 @@ ALTER TABLE `Hashlist`
 ALTER TABLE `HashlistHashlist`
   MODIFY `hashlistHashlistId` INT(11) NOT NULL AUTO_INCREMENT;
 
-ALTER TABLE `HealthCheck` 
+ALTER TABLE `HealthCheck`
   MODIFY `healthCheckId` INT(11) NOT NULL AUTO_INCREMENT;
 
-ALTER TABLE `HealthCheckAgent` 
+ALTER TABLE `HealthCheckAgent`
   MODIFY `healthCheckAgentId` INT(11) NOT NULL AUTO_INCREMENT;
 
 ALTER TABLE `LogEntry`