function isUserLogged()
{
- return (isset($_SESSION["login"]) && doConnect() !== NULL);
-}
-
-function doConnect()
-{
- global $connection;
- $server = "ldaps://ldap.immae.eu";
-
- if ($connection === NULL) {
- $connection = ldap_connect($server);
- ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
- if (isset($_SESSION["user_dn"]) && isset($_SESSION["password"])) {
- if (ldap_bind($connection, $_SESSION["user_dn"], $_SESSION["password"]) === false) {
- $connection = NULL;
- unset($_SESSION["user_dn"]);
- unset($_SESSION["password"]);
- unset($_SESSION["login"]);
- }
- }
- }
-
- return $connection;
+ return (isset($_SESSION["login"]));
}
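Review bot: The new `isUserLogged()` answers purely from `$_SESSION["login"]`; the per-request LDAP re-bind that the removed `doConnect()` performed is gone, so a session now stays valid until it expires even if the LDAP password is changed or the account is disabled in the meantime. That is a reasonable trade for no longer keeping the clear-text password in the session, but it is a property the next maintainer should see, so document it: `// Session-only check: the LDAP password is no longer stored or re-verified per request, so a session outlives a password change until it expires.`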
function checkLogin($user, $password)
{
- $con = doConnect();
+ $server = "ldaps://ldap.immae.eu";
+ $con = ldap_connect($server);
+ ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
$user_dn = "uid=$user,ou=users,dc=immae,dc=eu";
return false;
}
$_SESSION["user_dn"] = $user_dn;
- $_SESSION["password"] = $password;
$user_search = ldap_search($con,"dc=immae,dc=eu","(uid=$user)");
$auth_entry = ldap_first_entry($con, $user_search);
return true;
}
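Review bot: `$user` is still interpolated unescaped into the bind DN at `$user_dn = "uid=$user,ou=users,dc=immae,dc=eu"` and into the search filter `"(uid=$user)"`, so a login containing `,`, `)` or `*` can alter the DN or the filter; the commit reworks the connection setup in this function but leaves that unaddressed. Use `ldap_escape()` with the context-specific flag on both: `$user_dn = "uid=" . ldap_escape($user, "", LDAP_ESCAPE_DN) . ",ou=users,dc=immae,dc=eu";` and `$user_search = ldap_search($con, "dc=immae,dc=eu", "(uid=" . ldap_escape($user, "", LDAP_ESCAPE_FILTER) . ")");`. The bind that presumably sits between the `$user_dn` assignment and the `return false;` is not visible in this hunk, so I cannot tell whether it still relies on the unescaped DN; note also that the new `$con` is never passed to `ldap_unbind()` on either path.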
-function getLdapInfo()
-{
- $con = doConnect();
- if (!isset($_SESSION["user_dn"])) {
- $sortieLdap = [];
- } else {
- $user_read = ldap_read($con, $_SESSION["user_dn"], "(objectclass=*)", array("uid","immaeSshKey"));
- $user_entry = ldap_first_entry($con, $user_read);
- $sortieLdap = ldap_get_values($con, $user_entry, "immaeSshKey");
- unset($sortieLdap["count"]);
- }
-
- $keys = [];
- foreach ($sortieLdap as $line) {
- $exploded = explode(' ', $line);
-
- $apps = explode('|', $exploded[0]);
- $publicKey = $exploded[1] . ' ' . $exploded[2];
-
- unset($exploded[0]);
- unset($exploded[1]);
- unset($exploded[2]);
-
- $comment = implode(' ', $exploded);
-
- $keys[] = [
- 'apps' => $apps,
- 'public_key' => $publicKey,
- 'comment' => $comment,
- ];
+function connectPg() {
+ foreach(["PGUSER", "PGPASSWORD", "PGDATABASE", "PGHOST"] as $k) {
+ if (isset($_SERVER[$k]) && !isset($_ENV[$k])) {
+ putenv("${k}=" . $_SERVER[$k]);
}
+ }
+ $con = pg_connect("");
+ if (!$con) {
+ die("database access error");
+ }
+ return $con;
+}
+function getKeys()
+{
+ $keys = [];
+ if (!isset($_SESSION["login"]))
return $keys;
+ $pg = connectPg();
+ $result = pg_query_params($pg, "SELECT id,key,array_to_json(usage) as usage,comment FROM ldap_users_ssh_keys WHERE realm = 'immae' AND login = $1 ORDER BY id", array($_SESSION["login"]));
+ if (!$result) {
+ die("database access error");
+ }
+ $keys = [];
+ while ($row = pg_fetch_assoc($result)) {
+ $keys[] = array(
+ 'id' => $row["id"],
+ 'apps' => json_decode($row["usage"]),
+ 'public_key' => $row["key"],
+ 'comment' => $row["comment"],
+ );
+ }
+
+ pg_close($pg);
+ return $keys;
}
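Review bot: `putenv("${k}=" . $_SERVER[$k])` uses the `"${var}"` interpolation form, which is deprecated since PHP 8.2; write `putenv($k . "=" . $_SERVER[$k])` or `"{$k}="`. Be aware that `putenv()` also leaves `PGPASSWORD` in the worker process environment for the rest of its lifetime (subsequent requests on a persistent SAPI, anything that calls `getenv()`), whereas passing the values to `pg_connect()` as a connection string would scope them to this call; I cannot see the deployment, so treat that as a question rather than a defect. Two style nits in `getKeys()`: `$keys = [];` is initialised twice (once before the session check, once before the loop), and the brace-less `if (!isset($_SESSION["login"]))` is inconsistent with the braced form used in `saveKeys()`.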
-function pushLdapInfos($keys)
+function saveKeys($keys)
{
- $con = doConnect();
- if (!isset($_SESSION["user_dn"]))
- return false;
-
- return ldap_mod_replace($con, $_SESSION["user_dn"], array("immaeSshKey" => $keys));
+ if (!isset($_SESSION["login"])) {
+ return false;
+ }
+ $pg = connectPg();
+ $existingIds = pg_fetch_all_columns(pg_query_params($pg, "SELECT id FROM ldap_users_ssh_keys WHERE realm = 'immae' AND login = $1", array($_SESSION["login"])));
+ foreach ($keys as $key) {
+ if (isset($key["id"])) {
+ unset($existingIds[array_search($key["id"],$existingIds)]);
+ pg_query_params($pg, "UPDATE ldap_users_ssh_keys SET key = $2, usage = ARRAY(SELECT * FROM json_array_elements_text($3))::ldap_users_ssh_key_usage[], comment = $4 WHERE id = $5 AND login = $1 AND realm = 'immae'", array($_SESSION["login"], $key["public_key"], json_encode($key["apps"]), $key["comment"], $key["id"]));
+ } else {
+ pg_query_params($pg, "INSERT INTO ldap_users_ssh_keys (login,realm,key,usage,comment) values ($1,'immae',$2,ARRAY(SELECT * FROM json_array_elements_text($3))::ldap_users_ssh_key_usage[],$4)", array($_SESSION["login"], $key["public_key"], json_encode($key["apps"]), $key["comment"]));
+ }
+ }
+ foreach ($existingIds as $removedKeyId) {
+ pg_query_params($pg, "DELETE FROM ldap_users_ssh_keys WHERE login = $1 AND realm = 'immae' AND id = $2", array($_SESSION["login"], $removedKeyId));
+ }
}
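Review bot: `saveKeys()` never returns a value, so `$successSave = saveKeys($keysToSave);` at the call site is always null and the save is reported as failed whatever happened, while none of the `pg_query_params()` results (SELECT, UPDATE, INSERT, DELETE) are checked — the old `pushLdapInfos` at least returned the `ldap_mod_replace` boolean. A second problem is `unset($existingIds[array_search($key["id"],$existingIds)])`: when the posted id is not one of this user's ids (the UPDATE is correctly scoped by `login`, so the foreign row is untouched), `array_search` returns false, which `unset` coerces to key 0, silently dropping the first existing key from the deletion set. The rewrite below returns false on a failed statement, skips ids that are not the user's, and closes the connection as `getKeys()` does; wrapping the statements in `BEGIN`/`COMMIT` would additionally keep a failure mid-way from leaving the key set half-updated.
```php
function saveKeys($keys)
{
    // … unchanged: session check and connectPg() …
    $existing = pg_query_params($pg, "SELECT id FROM ldap_users_ssh_keys WHERE realm = 'immae' AND login = $1", array($_SESSION["login"]));
    if (!$existing) {
        pg_close($pg);
        return false;
    }
    $existingIds = pg_fetch_all_columns($existing); // pgsql returns ids as strings
    $ok = true;
    foreach ($keys as $key) {
        if (isset($key["id"])) {
            $pos = array_search((string) $key["id"], $existingIds, true);
            if ($pos === false) {
                continue; // not one of this user's keys (stale or forged id): ignore it
            }
            unset($existingIds[$pos]);
            $result = pg_query_params($pg, /* … unchanged: UPDATE statement and params … */);
        } else {
            $result = pg_query_params($pg, /* … unchanged: INSERT statement and params … */);
        }
        $ok = $ok && $result !== false;
    }
    foreach ($existingIds as $removedKeyId) {
        $result = pg_query_params($pg, /* … unchanged: DELETE statement and params … */);
        $ok = $ok && $result !== false;
    }
    pg_close($pg);
    return $ok;
}
```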
}
if (!isset($editedKeys[$id]['error']) || $editedKeys[$id]['error'] !== true) {
- $keysToSave[] = implode('|', $key['apps']) . ' ' . $key['public_key'] . ' ' . $key['comment'];
+ $keysToSave[] = $key;
}
}
if (!$errors) {
- $successSave = pushLdapInfos($keysToSave);
+ $successSave = saveKeys($keysToSave);
}
}
}
if (isUserLogged()) :
- $keys = isset($editedKeys) ? $editedKeys : getLdapInfo();
+ $keys = isset($editedKeys) ? $editedKeys : getKeys();
?>
<p>Connecté en tant que <b><?= $_SESSION['login']; ?></b></p>
?>
<td><input type="checkbox" name="keys[<?= $id ?>][apps][]" value="<?= $app ?>"<?= $checked ? ' checked' : '' ?>></td>
<?php endforeach; ?>
- <td class="delete-button" rowspan="2"><button class="delete">Suppr.</button></td>
+ <td class="delete-button" rowspan="2"><input type="hidden" name="keys[<?= $id ?>][id]" value="<?= $sshKey["id"] ?>"><button class="delete">Suppr.</button></td>
</tr>
<tr class="sshkeyrow">
<td colspan="<?php echo 1+count(apps); ?>" class="sshkey"><textarea name="keys[<?= $id ?>][public_key]" <?php if (isset($sshKey['error']) && $sshKey['error'] === true) :?>style="color: red"<?php endif; ?>><?= $sshKey['public_key'] ?></textarea></td>
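Review bot: The new hidden input echoes `$sshKey["id"]` into an attribute unescaped; when the page is re-rendered from `$editedKeys` after a validation error, that value comes straight from the POST body, so a quote in it breaks out of the attribute (reflected XSS). For a newly added key `$sshKey["id"]` is also unset, which emits a warning and an empty `id` field that `saveKeys()` then treats as an existing id (`isset("")` is true) and feeds to `WHERE id = ''`. Emit the field only when an id exists and escape it: `<?php if (isset($sshKey['id'])): ?><input type="hidden" name="keys[<?= $id ?>][id]" value="<?= htmlspecialchars($sshKey['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"><?php endif; ?>`. The unchanged textarea below has the same unescaped-output issue with `$sshKey['public_key']` (a `</textarea>` in the posted value closes the element), and the unchanged `<?= $_SESSION['login']; ?>` further up should get the same `htmlspecialchars()` treatment.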
function deleteLine(element) {
element.addEventListener('click', function(e) {
e.preventDefault();
+ e.target.closest('tr').nextElementSibling.remove();
+ e.target.closest('tr').previousElementSibling.remove();
e.target.closest('tr').remove();
}, false);
}
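Review bot: The added `e.target.closest('tr').previousElementSibling.remove()` throws a TypeError when the button's row has no previous element sibling (for instance if the first key's row follows the table header directly), which would leave the second and third rows in place after the first has already been removed. I cannot see the table structure that justifies removing the previous row, so if a row always precedes it this is fine; otherwise guard the call, e.g. `const prev = row.previousElementSibling; if (prev) prev.remove();`, with `row` bound once from `e.target.closest('tr')` before any removal so the three lookups do not repeat the traversal.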
</tr>`;
newLine += `<tr class="sshkeyrow">
- <td colspan="<?php echo 1+count(apps); ?>" class="sshkey"><textarea name="keys[$[i}][public_key]"></textarea></td>
+ <td colspan="<?php echo 1+count(apps); ?>" class="sshkey"><textarea name="keys[${i}][public_key]"></textarea></td>
</tr>`;