From 4aaf03abd52f4142ca7879c9ca50807037e0504d Mon Sep 17 00:00:00 2001
From: Marcello Coutinho <marcellocoutinho@gmail.com>
Date: Wed, 29 May 2013 21:19:09 -0300
Subject: dansguardian - improve ldap fetch code and fix cron problem on 2.1

---
 config/dansguardian/dansguardian.inc        |  8 ++++--
 config/dansguardian/dansguardian_groups.xml | 39 ++++++++++++++++++++++++--
 config/dansguardian/dansguardian_ldap.php   | 43 ++++++++++++++++++++---------
 3 files changed, 72 insertions(+), 18 deletions(-)

(limited to 'config/dansguardian')

diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc
index ec02656e..39282409 100755
--- a/config/dansguardian/dansguardian.inc
+++ b/config/dansguardian/dansguardian.inc
@@ -723,6 +723,7 @@ function sync_package_dansguardian($via_rpc="no",$install_process=false) {
 																				'urlacl'=> "Default",
 																				'group_options' => "scancleancache,infectionbypasserrorsonly",
 																				'reportinglevel'=>'3',
+																				'group_name_source'=>'name',
 																				'mode'=> "1",
 																				'report_level'=>"global");
 
@@ -979,7 +980,7 @@ EOF;
 	$cron_found=0;
 	if (is_array($config['cron']['item']))
 		foreach($config['cron']['item'] as $cron)
-			if (preg_match("@".DANSGUARDIAN_DIR."/(bin.freshclam|www/dansguardian)@",$cron["command"]))
+			if (preg_match("@(".DANSGUARDIAN_DIR."|/usr/local)/(bin.freshclam|www/dansguardian)@",$cron["command"]))
 				$cron_found++;
 			else
 				$new_cron['item'][]=$cron;
@@ -1062,6 +1063,7 @@ EOF;
 	$cron_cmd="/usr/local/bin/php /usr/local/www/dansguardian_ldap.php";
 	if (is_array($config['installedpackages']['dansguardiangroups']['config']))
 	 foreach ($config['installedpackages']['dansguardiangroups']['config'] as $dansguardian_groups){
+	  $dans_group_source=($dansguardian_groups['groupnamesource'] !="" ? $dansguardian_groups['groupnamesource'] : "name");
 	  if(preg_match('/(\d+)m/',$dansguardian_groups['freq'],$matches)){
 				$new_cron['item'][]=array(	"minute" =>	"*/".$matches[1],
 											"hour"	 =>	"*",
@@ -1069,7 +1071,7 @@ EOF;
 											"month"  =>	"*",
 											"wday"	 =>	"*",
 											"who"	 =>	"root",
-											"command"=>	$cron_cmd." ".$dansguardian_groups['name']);
+											"command"=>	"{$cron_cmd} $dans_group_source '{$dansguardian_groups[$dans_group_source]}'");
 				$config['cron']=$new_cron;
 				$cron_found++;
 		}
@@ -1080,7 +1082,7 @@ EOF;
 											"month"  =>	"*",
 											"wday"	 =>	"*",
 											"who"	 =>	"root",
-											"command"=>	$cron_cmd." ".$dansguardian_groups['name']);
+											"command"=>	"{$cron_cmd} $dans_group_source '{$dansguardian_groups[$dans_group_source]}'");
 				$config['cron']=$new_cron;
 				$cron_found++;
 		}
diff --git a/config/dansguardian/dansguardian_groups.xml b/config/dansguardian/dansguardian_groups.xml
index fc9ff8a8..aaa9bcd6 100755
--- a/config/dansguardian/dansguardian_groups.xml
+++ b/config/dansguardian/dansguardian_groups.xml
@@ -385,11 +385,21 @@
 			<name>LDAP</name>
 			<type>listtopic</type>
 		</field>
+		<field>
+			<fielddescr>LDAP group name source</fielddescr>
+			<fieldname>groupnamesource</fieldname>
+			<description><![CDATA[ This option determines where to look for LDAP group/OU name.]]></description>
+	    	<type>select</type>
+ 				<options>
+ 				<option><name>Dansguardian Group Name(default)</name><value>name</value></option>
+ 				<option><name>Dansguardian Group Description</name><value>description</value></option>
+ 				</options>
+		</field>
 		<field>
 			<fielddescr>LDAP</fielddescr>
 			<fieldname>ldap</fieldname>
-			<description><![CDATA[Select Active directory servers to extract users from<br>
-								 The group must has the same name in dansguardian and on active directory<br>
+			<description><![CDATA[Select LDAP servers to extract users from<br>
+								 The group must has the same name( or description) in dansguardian and on active directory<br>
 								 <strong>This is not aplicable for default group</strong>]]></description>
 	    	<type>select_source</type>
 	    	<size>05</size>
@@ -398,6 +408,31 @@
 			<source_name>dc</source_name>
 			<source_value>dc</source_value>
 		</field>
+		<field>
+			<fielddescr>LDAP user account status</fielddescr>
+			<fieldname>useraccountcontrol</fieldname>
+			<description><![CDATA[Import only users with these account status. Leave empty to do not check account status.]]></description>
+	    	<type>select</type>
+ 				<options>
+ 				<option><name>Normal (code 512)</name><value>512</value></option>
+				<option><name>Disabled Account (code 514)</name><value>514</value></option>
+ 				<option><name>Account is Disabled (code 2)</name><value>2</value></option>
+ 				<option><name>Account Locked Out (code 16)</name><value>16</value></option>
+ 				<option><name>Entered Bad Password (code 17)</name><value>17</value></option>
+ 				<option><name>No Password is Required(code 32)</name><value>32</value></option>
+ 				<option><name>Password CANNOT Change(code 64)</name><value>64</value></option>
+ 				<option><name>Password has Expired (code 8388608)</name><value>8388608</value></option>
+ 				<option><name>Account will Never Expire (code 65536)</name><value>65536</value></option>
+ 				<option><name>Enabled and Does NOT expire Paswword (code 66048)</name><value>66048</value></option>
+ 				<option><name>Server Trusted Account for Delegation (code 8192)</name><value>8192</value></option>
+ 				<option><name>Trusted Account for Delegation (code 524288)</name><value>524288</value></option>
+ 				<option><name>Enabled, User Cannot Change Password, Password Never Expires (code 590336)</name><value>590336</value></option>
+ 				<option><name>Normal Account, Password will not expire and Currently Disabled (code 66050)</name><value>66050</value></option>
+				<option><name>Account Enabled, Password does not expire, currently Locked out (code 66064)</name><value>66064</value></option>
+ 				</options>
+ 			<multiple/>
+ 			<size>16</size>
+		</field>
 		<field>
 			<fielddescr>Update frequency</fielddescr>
 			<fieldname>freq</fieldname>
diff --git a/config/dansguardian/dansguardian_ldap.php b/config/dansguardian/dansguardian_ldap.php
index 33cbee91..01d4764e 100644
--- a/config/dansguardian/dansguardian_ldap.php
+++ b/config/dansguardian/dansguardian_ldap.php
@@ -56,6 +56,7 @@ function get_ldap_members($group,$user,$password) {
 	global $ldap_host;
 	global $ldap_dn;
 	$LDAPFieldsToFind = array("member");
+		print  "{$ldap_host} {$ldap_dn}\n";
 	$ldap = ldap_connect($ldap_host) or die("Could not connect to LDAP");
 
 	// OPTIONS TO AD
@@ -64,7 +65,10 @@ function get_ldap_members($group,$user,$password) {
 
 	ldap_bind($ldap, $user, $password) or die("Could not bind to LDAP");
 
-	$results = ldap_search($ldap,$ldap_dn,"cn=" . $group,$LDAPFieldsToFind);
+	//check if group is just a name or an ldap string
+	$group_cn=(preg_match("/cn=/i",$group)? $group : "cn={$group}");
+	
+	$results = ldap_search($ldap,$ldap_dn,$group_cn,$LDAPFieldsToFind);
 	
 	$member_list = ldap_get_entries($ldap, $results);
 	$group_member_details = array();
@@ -77,7 +81,8 @@ function get_ldap_members($group,$user,$password) {
 				$member_search = ldap_search($ldap, $ldap_dn, "(CN=" . $member_cn . ")");
 				$member_details = ldap_get_entries($ldap, $member_search);
 				$group_member_details[] = array($member_details[0]['samaccountname'][0],
-												$member_details[0]['displayname'][0]);
+												$member_details[0]['displayname'][0],
+												$member_details[0]['useraccountcontrol'][0]);
 			}
 	ldap_close($ldap);
 	array_shift($group_member_details);
@@ -96,11 +101,12 @@ $apply_config=0;
 if (is_array($config['installedpackages']['dansguardiangroups']['config']))
 	foreach($config['installedpackages']['dansguardiangroups']['config'] as $group) {
 		#ignore default group
-		if ($id > 0)
-			if ($argv[1] == "" || $argv[1] == $group['name']){
+		if ($id > 0){
+			$ldap_group_source=(preg_match("/description/",$argv[1]) ? "description" : "name");
+			if ($argv[2] == $group[$ldap_group_source]){
 	   		$members="";
 	   		$ldap_servers= explode (',',$group['ldap']);
-	   		echo  "Group : " . $group['name']."\n";
+	   		echo  "Group : {$group['name']}({$group['description']})\n";
 	   		if (is_array($config['installedpackages']['dansguardianldap']['config']))
 	   			foreach ($config['installedpackages']['dansguardianldap']['config'] as $server){
 		   			if (in_array($server['dc'],$ldap_servers)){
@@ -113,18 +119,28 @@ if (is_array($config['installedpackages']['dansguardiangroups']['config']))
 		   					$ldap_username=$server['username'];
 		   				#$domainuser=split("cn=",$server['username']);
 		   				#$ldap_username=preg_replace("/,\./","@",$domainuser[1].preg_replace("/(,|)DC=/i",".",$server['dn']));
-				   		$result = get_ldap_members($group['name'],$ldap_username,$server['password']);
-		   				foreach($result as $key => $value) {
-			    			if (preg_match ("/\w+/",$value[0])){
+				   		$result = get_ldap_members($group[$ldap_group_source],$ldap_username,$server['password']);
+				   		if ($group['useraccountcontrol'] !="")
+				   			$valid_account_codes=explode(",",$group['useraccountcontrol']);
+		   				foreach($result as $mvalue) {
+			    			if (preg_match ("/\w+/",$mvalue[0])){
 			    				#var_dump($value);
-			    				$name= preg_replace('/[^(\x20-\x7F)]*/','', $value[1]);
+			    				$name= preg_replace("/&([a-z])[a-z]+;/i", "$1", htmlentities($mvalue[1]));//preg_replace('/[^(\x20-\x7F)]*/','', $mvalue[1]);
 			    				$pattern[0]="/USER/";
 			    				$pattern[1]="/,/";
 			    				$pattern[2]="/NAME/";
-			    				$replace[0]=$value[0];
+			    				$replace[0]=$mvalue[0];
 			    				$replace[1]="\n";
 			    				$replace[2]="$name";
-		    	  				$members .= preg_replace($pattern,$replace,$mask)."\n";
+			    				
+			    				if (is_array($valid_account_codes)){
+			    					if (in_array($mvalue[2],$valid_account_codes,true))
+		    	  						$members .= preg_replace($pattern,$replace,$mask)."\n";
+			    					}
+			    				else
+			    					{
+			    					$members .= preg_replace($pattern,$replace,$mask)."\n";
+			    					}
 			    				}
 		   					}
 		   			}
@@ -144,8 +160,9 @@ if (is_array($config['installedpackages']['dansguardiangroups']['config']))
 		   		$apply_config++;
 		   		}
 		   	}
-			}
-		$id++;			
+		  }
+		}		
+		$id++;
 	}
 if ($apply_config > 0){
 	print "User list from LDAP is different from current group, applying new configuration...";
-- 
cgit v1.2.3