X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=systems%2Feldiron%2Fwebsites%2Ftools%2Flanding%2Fldap_ssh_keys.php;fp=modules%2Fprivate%2Fwebsites%2Ftools%2Ftools%2Flanding%2Fldap_ssh_keys.php;h=85ed973ba55f88a7e540c3bc1dc279070f7f8bb5;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hp=259e28d1ac9e39366b1a672963cbf3f20a433787;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/websites/tools/tools/landing/ldap_ssh_keys.php b/systems/eldiron/websites/tools/landing/ldap_ssh_keys.php similarity index 75% rename from modules/private/websites/tools/tools/landing/ldap_ssh_keys.php rename to systems/eldiron/websites/tools/landing/ldap_ssh_keys.php index 259e28d..85ed973 100644 --- a/modules/private/websites/tools/tools/landing/ldap_ssh_keys.php +++ b/systems/eldiron/websites/tools/landing/ldap_ssh_keys.php @@ -78,33 +78,14 @@ function checkSshKey($sshKey) function isUserLogged() { - return (isset($_SESSION["login"]) && doConnect() !== NULL); -} - -function doConnect() -{ - global $connection; - $server = "ldaps://ldap.immae.eu"; - - if ($connection === NULL) { - $connection = ldap_connect($server); - ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3); - if (isset($_SESSION["user_dn"]) && isset($_SESSION["password"])) { - if (ldap_bind($connection, $_SESSION["user_dn"], $_SESSION["password"]) === false) { - $connection = NULL; - unset($_SESSION["user_dn"]); - unset($_SESSION["password"]); - unset($_SESSION["login"]); - } - } - } - - return $connection; + return (isset($_SESSION["login"])); } function checkLogin($user, $password) { - $con = doConnect(); + $server = "ldaps://ldap.immae.eu"; + $con = ldap_connect($server); + ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3); $user_dn = "uid=$user,ou=users,dc=immae,dc=eu"; 
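Review bot: `isUserLogged()` now trusts `$_SESSION["login"]` alone, so the per-request LDAP re-bind the removed `doConnect()` performed is gone and a password change or account lock in the directory no longer ends an existing session; it lives until PHP's session expiry. That is a fair trade for no longer keeping the password in the session, but it should be stated at the check, e.g. `// Session is trusted until it expires: LDAP is not re-checked per request, so a password change or a locked account does not end a live session.`, and the login path (outside this hunk) should bound it with `session_regenerate_id(true)` and a login timestamp. In `checkLogin()` the new `ldap_connect()` result is used without a `false` check, and `$user` still goes unescaped into the DN on the context line below it (and into the search filter in the next hunk); `ldap_escape($user, '', LDAP_ESCAPE_DN)` and `ldap_escape($user, '', LDAP_ESCAPE_FILTER)` respectively would close that. `checkLogin()`'s body continues in the next hunk.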
@@ -112,7 +93,6 @@ function checkLogin($user, $password) return false; } $_SESSION["user_dn"] = $user_dn; - $_SESSION["password"] = $password; $user_search = ldap_search($con,"dc=immae,dc=eu","(uid=$user)"); $auth_entry = ldap_first_entry($con, $user_search); 
@@ -120,48 +100,61 @@ function checkLogin($user, $password) return true; } -function getLdapInfo() -{ - $con = doConnect(); - if (!isset($_SESSION["user_dn"])) { - $sortieLdap = []; - } else { - $user_read = ldap_read($con, $_SESSION["user_dn"], "(objectclass=*)", array("uid","immaeSshKey")); - $user_entry = ldap_first_entry($con, $user_read); - $sortieLdap = ldap_get_values($con, $user_entry, "immaeSshKey"); - unset($sortieLdap["count"]); - } - - $keys = []; - foreach ($sortieLdap as $line) { - $exploded = explode(' ', $line); - - $apps = explode('|', $exploded[0]); - $publicKey = $exploded[1] . ' ' . $exploded[2]; - - unset($exploded[0]); - unset($exploded[1]); - unset($exploded[2]); - - $comment = implode(' ', $exploded); - - $keys[] = [ - 'apps' => $apps, - 'public_key' => $publicKey, - 'comment' => $comment, - ]; +function connectPg() { + foreach(["PGUSER", "PGPASSWORD", "PGDATABASE", "PGHOST"] as $k) { + if (isset($_SERVER[$k]) && !isset($_ENV[$k])) { + putenv("${k}=" . $_SERVER[$k]); } + } + $con = pg_connect(""); + if (!$con) { + die("database access error"); + } + return $con; +} +function getKeys() +{ + $keys = []; + if (!isset($_SESSION["login"])) return $keys; + $pg = connectPg(); + $result = pg_query_params($pg, "SELECT id,key,array_to_json(usage) as usage,comment FROM ldap_users_ssh_keys WHERE realm = 'immae' AND login = $1 ORDER BY id", array($_SESSION["login"])); + if (!$result) { + die("database access error"); + } + $keys = []; + while ($row = pg_fetch_assoc($result)) { + $keys[] = array( + 'id' => $row["id"], + 'apps' => json_decode($row["usage"]), + 'public_key' => $row["key"], + 'comment' => $row["comment"], + ); + } + + pg_close($pg); + return $keys; } -function pushLdapInfos($keys) +function saveKeys($keys) { - $con = doConnect(); - if (!isset($_SESSION["user_dn"])) - return false; - - return ldap_mod_replace($con, $_SESSION["user_dn"], array("immaeSshKey" => $keys)); + if (!isset($_SESSION["login"])) { + return false; + } + $pg = 
connectPg(); + $existingIds = pg_fetch_all_columns(pg_query_params($pg, "SELECT id FROM ldap_users_ssh_keys WHERE realm = 'immae' AND login = $1", array($_SESSION["login"]))); + foreach ($keys as $key) { + if (isset($key["id"])) { + unset($existingIds[array_search($key["id"],$existingIds)]); + pg_query_params($pg, "UPDATE ldap_users_ssh_keys SET key = $2, usage = ARRAY(SELECT * FROM json_array_elements_text($3))::ldap_users_ssh_key_usage[], comment = $4 WHERE id = $5 AND login = $1 AND realm = 'immae'", array($_SESSION["login"], $key["public_key"], json_encode($key["apps"]), $key["comment"], $key["id"])); + } else { + pg_query_params($pg, "INSERT INTO ldap_users_ssh_keys (login,realm,key,usage,comment) values ($1,'immae',$2,ARRAY(SELECT * FROM json_array_elements_text($3))::ldap_users_ssh_key_usage[],$4)", array($_SESSION["login"], $key["public_key"], json_encode($key["apps"]), $key["comment"])); + } + } + foreach ($existingIds as $removedKeyId) { + pg_query_params($pg, "DELETE FROM ldap_users_ssh_keys WHERE login = $1 AND realm = 'immae' AND id = $2", array($_SESSION["login"], $removedKeyId)); + } } @@ -192,12 +185,12 @@ if (isset($_POST['sauvegarder'])) { } if (!isset($editedKeys[$id]['error']) || $editedKeys[$id]['error'] !== true) { - $keysToSave[] = implode('|', $key['apps']) . ' ' . $key['public_key'] . ' ' . $key['comment']; + $keysToSave[] = $key; } } if (!$errors) { - $successSave = pushLdapInfos($keysToSave); + $successSave = saveKeys($keysToSave); } } @@ -213,7 +206,7 @@ if (isset($_POST['login'])) { } if (isUserLogged()) : - $keys = isset($editedKeys) ? $editedKeys : getLdapInfo(); + $keys = isset($editedKeys) ? $editedKeys : getKeys(); ?>
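Review bot: `saveKeys()` returns nothing on its success path, yet its caller assigns the result to `$successSave` (following hunk), so a successful save is reported as a failure; the function also runs the SELECT, UPDATEs, INSERTs and DELETEs with no transaction and no check of any `pg_query_params()` result, and `array_search($key["id"], $existingIds)` yields `false` for an id that is not the user's, which `unset($existingIds[false])` turns into dropping index 0 so the user's first key silently escapes deletion. The rewrite below wraps the statements in one transaction, stops on an unknown id or a failed statement, rolls back on failure, closes the connection as `getKeys()` does, and returns a bool the caller can use. Separately, `connectPg()`'s `"${k}="` interpolation is deprecated since PHP 8.2; `"{$k}="` is the equivalent.
```php
function saveKeys($keys)
{
    if (!isset($_SESSION["login"])) {
        return false;
    }
    $login = $_SESSION["login"];
    $pg = connectPg();
    // One transaction: a failed statement must not leave a mix of old and new keys.
    $ok = pg_query($pg, "BEGIN") !== false;
    $existing = $ok ? pg_query_params($pg, "SELECT id FROM ldap_users_ssh_keys WHERE realm = 'immae' AND login = $1", array($login)) : false;
    $ok = $ok && $existing !== false;
    $existingIds = $ok ? pg_fetch_all_columns($existing) : array();
    foreach ($keys as $key) {
        if (!$ok) {
            break;
        }
        if (isset($key["id"])) {
            // Strict match on the string form; pg_fetch_all_columns() returns strings.
            $pos = array_search((string) $key["id"], array_map('strval', $existingIds), true);
            if ($pos === false) {
                // Unknown or foreign id: refuse the whole save instead of silently touching index 0.
                $ok = false;
                break;
            }
            unset($existingIds[$pos]);
            $ok = pg_query_params($pg, "UPDATE ldap_users_ssh_keys SET key = $2, usage = ARRAY(SELECT * FROM json_array_elements_text($3))::ldap_users_ssh_key_usage[], comment = $4 WHERE id = $5 AND login = $1 AND realm = 'immae'", array($login, $key["public_key"], json_encode($key["apps"]), $key["comment"], $key["id"])) !== false;
        } else {
            $ok = pg_query_params($pg, "INSERT INTO ldap_users_ssh_keys (login,realm,key,usage,comment) values ($1,'immae',$2,ARRAY(SELECT * FROM json_array_elements_text($3))::ldap_users_ssh_key_usage[],$4)", array($login, $key["public_key"], json_encode($key["apps"]), $key["comment"])) !== false;
        }
    }
    foreach ($existingIds as $removedKeyId) {
        if (!$ok) {
            break;
        }
        $ok = pg_query_params($pg, "DELETE FROM ldap_users_ssh_keys WHERE login = $1 AND realm = 'immae' AND id = $2", array($login, $removedKeyId)) !== false;
    }
    pg_query($pg, $ok ? "COMMIT" : "ROLLBACK");
    pg_close($pg);
    return $ok;
}
```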
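Review bot: `$keysToSave[] = $key;` now forwards the submitted row unchanged, including its `id`, which `saveKeys()` hands to Postgres as an integer parameter; a non-numeric id from a tampered form makes that statement fail with only a PHP warning and nothing reported to the user (`$editedKeys` is built outside this hunk, so whether `id` is already validated there is not visible). Rejecting it next to the existing per-key checks keeps the failure in one place, e.g. `if (isset($key['id']) && !ctype_digit((string) $key['id'])) { $editedKeys[$id]['error'] = true; $errors = true; }`, assuming `$errors` is the boolean the `if (!$errors)` guard reads.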

Connecté en tant que

@@ -246,7 +239,7 @@ if (isUserLogged()) : ?> > - + "> @@ -267,6 +260,8 @@ if (isUserLogged()) : function deleteLine(element) { element.addEventListener('click', function(e) { e.preventDefault(); + e.target.closest('tr').nextElementSibling.remove(); + e.target.closest('tr').previousElementSibling.remove(); e.target.closest('tr').remove(); }, false); } @@ -306,7 +301,7 @@ if (isUserLogged()) : `; newLine += ` - + `;
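Review bot: The two lines added to `deleteLine()` assume the clicked row always has both a previous and a next sibling; when either is missing (first or last row, or neighbours already removed), `nextElementSibling` / `previousElementSibling` is `null` and `.remove()` throws before the row itself is removed. Resolve the row once and guard each neighbour: `const row = e.target.closest('tr');` / `for (const n of [row.nextElementSibling, row.previousElementSibling]) if (n) n.remove();` / `row.remove();`. Which rows belong to one key is defined by the row template in the hunk after this one, whose markup is not legible in this rendering, so it is worth confirming that a neighbour can never be another key's row.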