From b1fdd0f5d4c32ed9dd60a26b6cc2591ea3ebe1aa Mon Sep 17 00:00:00 2001
From: kkalev <kkalev>
Date: Sat, 7 Sep 2002 20:46:41 +0000
Subject: [PATCH] * If an sql attribute is not contained in sql, assume that it
 has the same name as in dialup_admin and that   it is a reply item. Add a
 comment for that in conf/sql.attrmap. * Change the way radius attributes are
 read from the sql database. The change should make things somewhat   faster.
 Create a reverse mapping from radius attributes to dialup_admin attributes. *
 Add a configuration directive called ldap_use_http_credentials. If it is set
 to yes then we try to   connect to the ldap server with the username/password
 given in http authentication, not those contained   in admin.conf. That way
 multiple admins with different permissions on the ldap tree can work on a
 single   dialup_admin. * With the same logic we allow for multiple buttons
 html pages. We now create a folder html/buttons which   by default contains a
 folder default. If the user logs in with http authentication then we try   to
 open the file html/buttons/<username>/buttons.html.php3. If we can't we open 
  html/buttons/default/buttons.html.php3. That way we can create muiltiple
 views of say the online users   page based on which admin requests the page.

---
 Changelog                                     | 15 +++++++++-
 conf/admin.conf                               | 11 +++++++
 conf/sql.attrmap                              |  3 ++
 htdocs/buttons.php3                           | 15 ++++++++++
 htdocs/index.html                             |  2 +-
 .../buttons/default/buttons.html.php3         |  4 +++
 lib/ldap/change_attrs.php3                    |  4 +--
 lib/ldap/change_info.php3                     |  3 +-
 lib/ldap/change_passwd.php3                   |  3 +-
 lib/ldap/create_user.php3                     |  3 +-
 lib/ldap/defaults.php3                        |  3 +-
 lib/ldap/delete_user.php3                     |  3 +-
 lib/ldap/find.php3                            |  3 +-
 lib/ldap/functions.php3                       | 30 ++++++++++++++++++-
 lib/ldap/password_check.php3                  |  1 -
 lib/ldap/user_info.php3                       |  3 +-
 lib/sql/attrmap.php3                          |  1 +
 lib/sql/change_attrs.php3                     |  5 ++++
 lib/sql/create_group.php3                     |  9 ++++--
 lib/sql/create_user.php3                      |  9 ++++--
 lib/sql/defaults.php3                         | 13 ++++++--
 lib/sql/find.php3                             |  4 +++
 lib/sql/group_info.php3                       | 14 +++++++--
 lib/sql/user_info.php3                        | 14 +++++++--
 24 files changed, 150 insertions(+), 25 deletions(-)
 create mode 100644 htdocs/buttons.php3
 rename htdocs/buttons.html => html/buttons/default/buttons.html.php3 (96%)

diff --git a/Changelog b/Changelog
index 9c21533..09a85e6 100644
--- a/Changelog
+++ b/Changelog
@@ -1,4 +1,4 @@
-Ver 1.56:
+Ver 1.60:
 * Small html fixes in user_edit.php3 and password.php3
 * Show number of failed logins in the last 7 days in the user admin page
 * Show date in the user/server test page
@@ -20,6 +20,19 @@ Ver 1.56:
   after the user tables. As a result user values should in general overwrite default values.
 * Add support for the default_user_profile of the sql module in lib/sql/defaults.php3
 * In sql.attrmap User-Password should map to User-Password, not Password
+* If an sql attribute is not contained in sql, assume that it has the same name as in dialup_admin and that
+  it is a reply item. Add a comment for that in conf/sql.attrmap.
+* Change the way radius attributes are read from the sql database. The change should make things somewhat
+  faster. Create a reverse mapping from radius attributes to dialup_admin attributes.
+* Add a configuration directive called ldap_use_http_credentials. If it is set to yes then we try to
+  connect to the ldap server with the username/password given in http authentication, not those contained
+  in admin.conf. That way multiple admins with different permissions on the ldap tree can work on a single
+  dialup_admin.
+* With the same logic we allow for multiple buttons html pages. We now create a folder html/buttons which
+  by default contains a folder default. If the user logs in with http authentication then we try
+  to open the file html/buttons/<username>/buttons.html.php3. If we can't we open
+  html/buttons/default/buttons.html.php3. That way we can create muiltiple views of say the online users
+  page based on which admin requests the page.
 Ver 1.55:
 * Update the FAQ about missing attributes from the user/group edit pages and add a few comments
   in the configuration files
diff --git a/conf/admin.conf b/conf/admin.conf
index 47393a8..2fbc503 100644
--- a/conf/admin.conf
+++ b/conf/admin.conf
@@ -78,6 +78,17 @@ ldap_bindpw: XXXXXXX
 ldap_default_new_entry_suffix: ou=dialup,ou=guests,%{ldap_base}
 ldap_default_dn: uid=default-dialup,%{ldap_base}
 ldap_regular_profile_attr: dialupregularprofile
+#
+# If set to yes then the HTTP credentials (http authentication)
+# will be used to bind to the ldap server instead of ldap_binddn
+# and ldap_bindpw. That way multiple admins with different rights
+# on the ldap database can connect through one dialup_admin interface.
+# The ldap_binddn and ldap_bindpw are still needed to find the DN
+# to bind with (http authentication will only provide us with a
+# username). As a result the ldap_binddn should be able to do a search
+# with a filter of (uid=<username>). Normally, the anonymous (empty DN)
+# user can do that.
+#ldap_use_http_credentials: yes
 
 #
 # can be one of mysql,pg where:
diff --git a/conf/sql.attrmap b/conf/sql.attrmap
index b828c76..9a41e37 100644
--- a/conf/sql.attrmap
+++ b/conf/sql.attrmap
@@ -2,6 +2,9 @@
 # A mapping between the attributes used by dialup_admin and the attribute
 # names that will be stored in the SQL database
 #
+# Attributes that are not contained in this file are assumed to be reply
+# items and map to the same name as the one used by dialup_admin
+#
 # Format:
 # checkItem|replyItem	Attribute-In-Dialup-Admin	Attribute-In-SQL
 #
diff --git a/htdocs/buttons.php3 b/htdocs/buttons.php3
new file mode 100644
index 0000000..12c2c32
--- /dev/null
+++ b/htdocs/buttons.php3
@@ -0,0 +1,15 @@
+<?php
+$auth_user = $HTTP_SERVER_VARS["PHP_AUTH_USER"];
+if ($auth_user){
+	if (is_file("../html/buttons/$auth_user/buttons.html.php3"))
+		include("../html/buttons/$auth_user/buttons.html.php3");
+	else{
+		if (is_file("../html/buttons/default/buttons.html.php3"))
+			include("../html/buttons/default/buttons.html.php3");
+	}
+}
+else{	
+	if (is_file("../html/buttons/default/buttons.html.php3"))
+		include("../html/buttons/default/buttons.html.php3");
+}
+?>
diff --git a/htdocs/index.html b/htdocs/index.html
index e08c94e..b05a435 100644
--- a/htdocs/index.html
+++ b/htdocs/index.html
@@ -4,7 +4,7 @@
 dialup administration</title>
 </head>
 	<frameset cols="122,*" border="0" frameborder="0" framespacing="0">
-		<frame	name="buttons" src="buttons.html" marginwidth="8"
+		<frame	name="buttons" src="buttons.php3" marginwidth="8"
 			marginheight="8" noresize >
 		<frame	name="content" src="content.html" marginwidth="8"
 			marginheight="8" >
diff --git a/htdocs/buttons.html b/html/buttons/default/buttons.html.php3
similarity index 96%
rename from htdocs/buttons.html
rename to html/buttons/default/buttons.html.php3
index 0314494..49ab0b2 100644
--- a/htdocs/buttons.html
+++ b/html/buttons/default/buttons.html.php3
@@ -18,6 +18,10 @@ function myout(a) {
 <tr><td align=center>
 <img src="images/logo2.gif" vspace=2>
 </td></tr>
+<?php
+if ($HTTP_SERVER_VARS["PHP_AUTH_USER"])
+	echo "<tr valign=top><td align=center><b>Logged in as " . $HTTP_SERVER_VARS["PHP_AUTH_USER"] . "...</b><br><br></td></tr>\n";
+?>
 <tr bgcolor="black" valign=top><td>
 <table border=0 width=100% cellpadding=2 cellspacing=0>
 <tr bgcolor="#907030" align=center valign=top><th>
diff --git a/lib/ldap/change_attrs.php3 b/lib/ldap/change_attrs.php3
index 5d03a60..937d70c 100644
--- a/lib/ldap/change_attrs.php3
+++ b/lib/ldap/change_attrs.php3
@@ -1,8 +1,8 @@
 <?php
-require('../lib/functions.php3');
+require_once('../lib/ldap/functions.php3');
 	$ds = @ldap_connect($config[ldap_server]);
 	if ($ds){
-		$r = @ldap_bind($ds,"$config[ldap_binddn]",$config[ldap_bindpw]);
+		$r = @da_ldap_bind($ds,$config);
 		if ($r){
 
 			foreach($show_attrs as $key => $attr){
diff --git a/lib/ldap/change_info.php3 b/lib/ldap/change_info.php3
index a4d4188..d41a414 100644
--- a/lib/ldap/change_info.php3
+++ b/lib/ldap/change_info.php3
@@ -1,7 +1,8 @@
 <?php
+require_once('../lib/ldap/functions.php3');
 	$ds = @ldap_connect($config[ldap_server]);
 	if ($ds){
-		$r = @ldap_bind($ds,"$config[ldap_binddn]",$config[ldap_bindpw]);
+		$r = @da_ldap_bind($ds,$config);
 		if ($r){
 			if ($Fcn != '' && $Fcn != '-' && $Fcn != $cn)
 				$mod['cn'] = $Fcn;
diff --git a/lib/ldap/change_passwd.php3 b/lib/ldap/change_passwd.php3
index b032cdd..48dc4a0 100644
--- a/lib/ldap/change_passwd.php3
+++ b/lib/ldap/change_passwd.php3
@@ -1,7 +1,8 @@
 <?php
+require_once('../lib/ldap/functions.php3');
 	$ds = @ldap_connect($config[ldap_server]);
 	if ($ds){
-		$r = @ldap_bind($ds,"$config[ldap_binddn]",$config[ldap_bindpw]);
+		$r = @da_ldap_bind($ds,$config);
 		if ($r){
 			if (is_file("../lib/crypt/$config[general_encryption_method].php3")){
 				include("../lib/crypt/$config[general_encryption_method].php3");
diff --git a/lib/ldap/create_user.php3 b/lib/ldap/create_user.php3
index 1115e6f..d64fe0e 100644
--- a/lib/ldap/create_user.php3
+++ b/lib/ldap/create_user.php3
@@ -1,7 +1,8 @@
 <?php
+require_once('../lib/ldap/functions.php3');
 	$ds = @ldap_connect($config[ldap_server]);
 	if ($ds){
-		$r = @ldap_bind($ds,"$config[ldap_binddn]",$config[ldap_bindpw]);
+		$r = @da_ldap_bind($ds,$config);
 		if ($r){
 			list ($givenname,$sn) = split(' ',$Fcn,3);
 			$dn = 'uid=' . $login . ',' . $config[ldap_default_new_entry_suffix];
diff --git a/lib/ldap/defaults.php3 b/lib/ldap/defaults.php3
index e37e2cd..4169d8a 100644
--- a/lib/ldap/defaults.php3
+++ b/lib/ldap/defaults.php3
@@ -1,10 +1,11 @@
 <?php
+require_once('../lib/ldap/functions.php3');
 if ($config[ldap_default_dn] != ''){
 	include('../lib/ldap/attrmap.php3');
 	$regular_profile_attr = $config[ldap_regular_profile_attr];
 	$ds=@ldap_connect("$config[ldap_server]");  // must be a valid ldap server!
 	if ($ds) {
-       		$r=@ldap_bind($ds,"$config[ldap_binddn]",$config[ldap_bindpw]);
+       		$r=@da_ldap_bind($ds,$config);
        		$sr=@ldap_search($ds,"$config[ldap_default_dn]", 'objectclass=*');
        		if ($info = @ldap_get_entries($ds, $sr)){
        			$dn = $info[0]['dn'];
diff --git a/lib/ldap/delete_user.php3 b/lib/ldap/delete_user.php3
index 1d8aab2..052ab78 100644
--- a/lib/ldap/delete_user.php3
+++ b/lib/ldap/delete_user.php3
@@ -1,7 +1,8 @@
 <?php
+require_once('../lib/ldap/functions.php3');
 $ds = @ldap_connect($config[ldap_server]);
 if ($ds){
-	$r = @ldap_bind($ds,"$config[ldap_binddn]",$config[ldap_bindpw]);
+	$r = @da_ldap_bind($ds,$config);
 	if ($r){
 		@ldap_delete($ds,$dn);
 		if (@ldap_error($ds) == 'Success')
diff --git a/lib/ldap/find.php3 b/lib/ldap/find.php3
index fdf6ea4..5c6da52 100644
--- a/lib/ldap/find.php3
+++ b/lib/ldap/find.php3
@@ -1,7 +1,8 @@
 <?php
+require_once('../lib/ldap/functions.php3');
 $ds=@ldap_connect("$config[ldap_server]");  // must be a valid ldap server!
 if ($ds) {
-	$r=@ldap_bind($ds,"$config[ldap_binddn]",$config[ldap_bindpw]);
+	$r=@da_ldap_bind($ds,$config);
 	if ($search_IN == 'name' || $search_IN == 'ou')
 		$attr = ($search_IN == 'name') ? 'cn' : 'ou';
 	else if ($search_IN == 'radius'){
diff --git a/lib/ldap/functions.php3 b/lib/ldap/functions.php3
index 72805d8..d480bf3 100644
--- a/lib/ldap/functions.php3
+++ b/lib/ldap/functions.php3
@@ -1,9 +1,37 @@
 <?php
+function da_ldap_bind($ds,$config)
+{
+	if ($ds){
+		if ($config[ldap_use_http_credentials] == 'yes'){
+			global $HTTP_SERVER_VARS;
+			$din = $HTTP_SERVER_VARS["PHP_AUTH_USER"];
+			$pass = $HTTP_SERVER_VARS["PHP_AUTH_PW"];
+		}
+		if ($config[ldap_use_http_credentials] != 'yes' ||
+			($din == '' && $pass == '')){
+			$din = $config[ldap_binddn];
+			$pass = $config[ldap_bindpw];
+		}	
+		if (preg_match('/[\s,]/',$din))		// It looks like a dn
+			return @ldap_bind($ds,$din,$pass);
+		else{				// It's not a DN. Find a corresponding DN
+			$r=@ldap_bind($ds,"$config[ldap_binddn]",$config[ldap_bindpw]);
+			if ($r){
+				$sr=@ldap_search($ds,"$config[ldap_base]", 'uid=' . $din);
+				$info = @ldap_get_entries($ds, $sr);
+				$din = $info[0]['dn'];
+				if ($din != '')
+					return @ldap_bind($ds,$din,$pass);
+			}
+		}
+	}
+}
+
 function connect2db($config)
 {
 	$ds=@ldap_connect("$config[ldap_server]");  // must be a valid ldap server!
 	if ($ds)
-		$r=@ldap_bind($ds,"$config[ldap_binddn]",$config[ldap_bindpw]);
+		$r=@da_ldap_bind($ds,$config);
 	return $ds;
 }
 
diff --git a/lib/ldap/password_check.php3 b/lib/ldap/password_check.php3
index 6893d82..0fae14b 100644
--- a/lib/ldap/password_check.php3
+++ b/lib/ldap/password_check.php3
@@ -1,5 +1,4 @@
 <?php
-require('password.php3');
 
 if ($action == 'checkpass'){
 	$ds=@ldap_connect("$config[ldap_server]");  // must be a valid ldap server!
diff --git a/lib/ldap/user_info.php3 b/lib/ldap/user_info.php3
index 4974581..f14ef3d 100644
--- a/lib/ldap/user_info.php3
+++ b/lib/ldap/user_info.php3
@@ -1,5 +1,6 @@
 <?php
 require('../lib/ldap/attrmap.php3');
+require_once('../lib/ldap/functions.php3');
 if (is_file("../lib/lang/$config[general_prefered_lang]/utf8.php3"))
 	include_once("../lib/lang/$config[general_prefered_lang]/utf8.php3");
 else
@@ -25,7 +26,7 @@ $mailalt = '-';
 
 $ds=@ldap_connect("$config[ldap_server]");  // must be a valid ldap server!
 if ($ds) {
-	$r=@ldap_bind($ds,"$config[ldap_binddn]",$config[ldap_bindpw]);
+	$r=@da_ldap_bind($ds,$config);
 	$sr=@ldap_search($ds,"$config[ldap_base]", 'uid=' . $login);
 	$info = @ldap_get_entries($ds, $sr);
 	$dn = $info[0]['dn'];
diff --git a/lib/sql/attrmap.php3 b/lib/sql/attrmap.php3
index 9524f7d..c69f1a8 100644
--- a/lib/sql/attrmap.php3
+++ b/lib/sql/attrmap.php3
@@ -7,5 +7,6 @@ foreach($ARR as $val){
 		continue;
 	list($type,$key,$v)=split('[[:space:]]+',$val);
 	$attrmap["$key"]=$v;
+	$rev_attrmap["$v"] = $key;
 	$attr_type["$key"]=$type;
 }
diff --git a/lib/sql/change_attrs.php3 b/lib/sql/change_attrs.php3
index 9fbfc15..72a2782 100644
--- a/lib/sql/change_attrs.php3
+++ b/lib/sql/change_attrs.php3
@@ -16,6 +16,11 @@ if ($link){
 	foreach($show_attrs as $key => $desc){
 		if ($attrmap["$key"] == 'none')
 			continue;
+		if ($attrmap["$key"] == ''){
+			$attrmap["$key"] = $key;
+			$attr_type["key"] = 'replyItem';
+			$rev_attrmap["$key"] = $key;
+		}
 		$i = 0;
 		$j = -1;
 		$name = $attrmap["$key"] . $i;
diff --git a/lib/sql/create_group.php3 b/lib/sql/create_group.php3
index bae7175..f6dee4b 100644
--- a/lib/sql/create_group.php3
+++ b/lib/sql/create_group.php3
@@ -29,11 +29,16 @@ if ($link){
 		foreach($show_attrs as $key => $attr){
 			if ($attrmap["$key"] == 'none')
 				continue;
-			if ($attr_type[$key] == 'checkItem'){
+			if ($attrmap["$key"] == ''){
+				$attrmap["$key"] = $key;
+				$attr_type["$key"] = 'replyItem';
+				$rev_attrmap["$key"] = $key;
+			}	
+			if ($attr_type["$key"] == 'checkItem'){
 				$table = "$config[sql_groupcheck_table]";
 				$type = 1;
 			}
-			else if ($attr_type[$key] == 'replyItem'){
+			else if ($attr_type["$key"] == 'replyItem'){
 				$table = "$config[sql_groupreply_table]";
 				$type = 2;
 			}
diff --git a/lib/sql/create_user.php3 b/lib/sql/create_user.php3
index 7271325..fd723ef 100644
--- a/lib/sql/create_user.php3
+++ b/lib/sql/create_user.php3
@@ -66,11 +66,16 @@ if ($link){
 			foreach($show_attrs as $key => $attr){
 				if ($attrmap["$key"] == 'none')
 					continue;
-				if ($attr_type[$key] == 'checkItem'){
+				if ($attrmap["$key"] == ''){
+					$attrmap["$key"] = $key;
+					$attr_type["$key"] = 'replyItem';
+					$rev_attrmap["$key"] = $key;
+				}
+				if ($attr_type["$key"] == 'checkItem'){
 					$table = "$config[sql_check_table]";
 					$type = 1;
 				}
-				else if ($attr_type[$key] == 'replyItem'){
+				else if ($attr_type["$key"] == 'replyItem'){
 					$table = "$config[sql_reply_table]";
 					$type = 2;
 				}
diff --git a/lib/sql/defaults.php3 b/lib/sql/defaults.php3
index fbaa3ef..7641617 100644
--- a/lib/sql/defaults.php3
+++ b/lib/sql/defaults.php3
@@ -66,8 +66,17 @@ if ($login != ''){
 					}
 					else
 						echo "<b>Database query failed: " . da_sql_error($link,$config) . "</b><br>\n";
-					foreach($attrmap as $key => $val){
-						if (isset($tmp[$val])){
+					if (isset($tmp)){
+						foreach(array_keys($tmp) as $val){
+							if ($val == '')
+								continue;
+							$key = $rev_attrmap["$val"];
+							if ($key == ''){
+								$key = $val;
+								$attrmap["$key"] = $val;
+								$attr_type["$key"] = 'replyItem';
+								$rev_attrmap["$val"] = $key;
+							}
 							if (isset($default_vals["$key"]) && $overwrite_defaults){
 								if ($use_op)
 									$default_vals["$key"][operator] = $tmp["$val"][operator];
diff --git a/lib/sql/find.php3 b/lib/sql/find.php3
index 22d2e5b..2c63819 100644
--- a/lib/sql/find.php3
+++ b/lib/sql/find.php3
@@ -22,6 +22,10 @@ if ($link){
 	}
 	else if ($search_IN == 'radius' && $radius_attr != ''){
 		require("../lib/sql/attrmap.php3");
+		if ($attrmap["$radius_attr"] == ''){
+			$attrmap["$radius_attr"] = $radius_attr;
+			$attr_type["$radius_attr"] = 'replyItem';
+		}
 		$table = ($attr_type[$radius_attr] == 'checkItem') ? $config[sql_check_table] : $config[sql_reply_table];
 		$attr = $attrmap[$radius_attr];
 		$res = @da_sql_query($link,$config,
diff --git a/lib/sql/group_info.php3 b/lib/sql/group_info.php3
index d26a912..eb29d74 100644
--- a/lib/sql/group_info.php3
+++ b/lib/sql/group_info.php3
@@ -64,13 +64,21 @@ if ($link){
 		}	
 		else
 			echo "<b>Database query failed partially: " . da_sql_error($link,$config) . "</b><br>\n";
-		foreach($attrmap as $key => $val){
-			if (isset($tmp[$val])){
+		if (isset($tmp)){
+			foreach(array_keys($tmp) as $val){
+				if ($val == '')
+					continue;
+				$key = $rev_attrmap["$val"];
+				if ($key == ''){
+					$key = $val;
+					$attrmap["$key"] = $val;
+					$attr_type["$key"] = 'replyItem';
+					$rev_attrmap["$val"] = $key;
+				}
 				$item_vals["$key"] = $tmp[$val];
 				$item_vals["$key"][count] = $tmp[$val][count];
 				if ($use_op)
 					$item_vals["$key"][operator] = $tmp[$val][operator];
-
 			}
 		}
 
diff --git a/lib/sql/user_info.php3 b/lib/sql/user_info.php3
index 0bea692..81abcfb 100644
--- a/lib/sql/user_info.php3
+++ b/lib/sql/user_info.php3
@@ -93,13 +93,21 @@ if ($link){
 		}
 		else
 			echo "<b>Database query failed partially: " . da_sql_error($link,$config) . "</b><br>\n";
-		foreach($attrmap as $key => $val){
-			if (isset($tmp[$val])){
+		if (isset($tmp)){
+			foreach(array_keys($tmp) as $val){
+				if ($val == '')
+					continue;
+				$key = $rev_attrmap["$val"];
+				if ($key == ''){
+					$key = $val;
+					$attrmap["$key"] = $val;
+					$attr_type["$key"] = 'replyItem';
+					$rev_attrmap["$val"] = $key;
+				}
 				$item_vals["$key"] = $tmp[$val];
 				$item_vals["$key"][count] = $tmp[$val][count];
 				if ($use_op)
 					$item_vals["$key"][operator] = $tmp[$val][operator];
-
 			}
 		}
 
-- 
2.39.5