guichet/admin.go

456 lines
10 KiB
Go
Raw Normal View History

2020-02-09 17:28:42 +00:00
package main
import (
2020-02-09 21:06:33 +00:00
"strings"
2020-02-09 18:56:01 +00:00
"fmt"
2020-02-09 17:28:42 +00:00
"html/template"
"net/http"
"sort"
"github.com/go-ldap/ldap/v3"
2020-02-09 21:06:33 +00:00
"github.com/gorilla/mux"
2020-02-09 17:28:42 +00:00
)
func checkAdminLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
login := checkLogin(w, r)
if login == nil {
return nil
}
can_admin := false
for _, group := range login.UserEntry.GetAttributeValues("memberof") {
if config.GroupCanAdmin != "" && group == config.GroupCanAdmin {
can_admin = true
}
}
if !can_admin {
http.Redirect(w, r, "/", http.StatusFound)
return nil
}
return login
}
2020-02-09 21:06:33 +00:00
type EntryList []*ldap.Entry
func (d EntryList) Len() int {
return len(d)
}
func (d EntryList) Swap(i, j int) {
d[i], d[j] = d[j], d[i]
}
func (d EntryList) Less(i, j int) bool {
return d[i].DN < d[j].DN
}
2020-02-09 17:28:42 +00:00
type AdminUsersTplData struct {
2020-02-09 18:56:01 +00:00
Login *LoginStatus
2020-02-09 17:28:42 +00:00
UserNameAttr string
2020-02-09 21:06:33 +00:00
Users EntryList
2020-02-09 17:28:42 +00:00
}
func handleAdminUsers(w http.ResponseWriter, r *http.Request) {
templateAdminUsers := template.Must(template.ParseFiles("templates/layout.html", "templates/admin_users.html"))
2020-02-09 21:06:33 +00:00
login := checkAdminLogin(w, r)
2020-02-09 17:28:42 +00:00
if login == nil {
return
}
searchRequest := ldap.NewSearchRequest(
config.UserBaseDN,
ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=organizationalPerson))"),
[]string{config.UserNameAttr, "dn", "displayname", "givenname", "sn", "mail"},
nil)
sr, err := login.conn.Search(searchRequest)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
data := &AdminUsersTplData{
2020-02-09 18:56:01 +00:00
Login: login,
2020-02-09 17:28:42 +00:00
UserNameAttr: config.UserNameAttr,
2020-02-09 21:06:33 +00:00
Users: EntryList(sr.Entries),
2020-02-09 17:28:42 +00:00
}
2020-02-09 21:06:33 +00:00
sort.Sort(data.Users)
2020-02-09 17:28:42 +00:00
templateAdminUsers.Execute(w, data)
}
2020-02-09 21:06:33 +00:00
type AdminGroupsTplData struct {
Login *LoginStatus
GroupNameAttr string
Groups EntryList
2020-02-09 17:28:42 +00:00
}
2020-02-09 21:06:33 +00:00
func handleAdminGroups(w http.ResponseWriter, r *http.Request) {
templateAdminGroups := template.Must(template.ParseFiles("templates/layout.html", "templates/admin_groups.html"))
login := checkAdminLogin(w, r)
if login == nil {
return
}
searchRequest := ldap.NewSearchRequest(
config.GroupBaseDN,
ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=groupOfNames))"),
[]string{config.GroupNameAttr, "dn", "displayname"},
nil)
sr, err := login.conn.Search(searchRequest)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
data := &AdminGroupsTplData{
Login: login,
GroupNameAttr: config.GroupNameAttr,
Groups: EntryList(sr.Entries),
}
sort.Sort(data.Groups)
templateAdminGroups.Execute(w, data)
2020-02-09 17:28:42 +00:00
}
2020-02-09 21:06:33 +00:00
type AdminLDAPTplData struct {
DN string
Path []PathItem
Children []Child
Props map[string]*PropValues
HasMembers bool
2020-02-09 21:32:59 +00:00
Members []EntryName
HasGroups bool
2020-02-09 21:32:59 +00:00
Groups []EntryName
Error string
Success bool
}
type EntryName struct {
DN string
DisplayName string
2020-02-09 21:06:33 +00:00
}
type Child struct {
DN string
Identifier string
DisplayName string
}
type PathItem struct {
DN string
Identifier string
Active bool
}
type PropValues struct {
Name string
2020-02-09 21:06:33 +00:00
Values []string
Editable bool
}
func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
templateAdminLDAP := template.Must(template.ParseFiles("templates/layout.html", "templates/admin_ldap.html"))
login := checkAdminLogin(w, r)
if login == nil {
return
}
dn := mux.Vars(r)["dn"]
2020-02-09 21:32:59 +00:00
dError := ""
dSuccess := false
2020-02-09 21:06:33 +00:00
if r.Method == "POST" {
r.ParseForm()
action := strings.Join(r.Form["action"], "")
if action == "modify" {
attr := strings.Join(r.Form["attr"], "")
values := strings.Split(strings.Join(r.Form["values"], ""), "\n")
values_filtered := []string{}
for _, v := range values {
v2 := strings.TrimSpace(v)
if v2 != "" {
values_filtered = append(values_filtered, v2)
}
}
if len(values_filtered) == 0 {
2020-02-09 21:32:59 +00:00
dError = "Refusing to delete attribute."
2020-02-09 21:06:33 +00:00
} else {
modify_request := ldap.NewModifyRequest(dn, nil)
modify_request.Replace(attr, values_filtered)
err := login.conn.Modify(modify_request)
if err != nil {
2020-02-09 21:32:59 +00:00
dError = err.Error()
2020-02-09 21:06:33 +00:00
} else {
2020-02-09 21:32:59 +00:00
dSuccess = true
2020-02-09 21:06:33 +00:00
}
}
} else if action == "add" {
attr := strings.Join(r.Form["attr"], "")
values := strings.Split(strings.Join(r.Form["values"], ""), "\n")
values_filtered := []string{}
for _, v := range values {
v2 := strings.TrimSpace(v)
if v2 != "" {
values_filtered = append(values_filtered, v2)
}
}
modify_request := ldap.NewModifyRequest(dn, nil)
modify_request.Add(attr, values_filtered)
err := login.conn.Modify(modify_request)
if err != nil {
2020-02-09 21:32:59 +00:00
dError = err.Error()
} else {
dSuccess = true
2020-02-09 21:06:33 +00:00
}
} else if action == "delete" {
attr := strings.Join(r.Form["attr"], "")
modify_request := ldap.NewModifyRequest(dn, nil)
modify_request.Replace(attr, []string{})
err := login.conn.Modify(modify_request)
if err != nil {
2020-02-09 21:32:59 +00:00
dError = err.Error()
} else {
dSuccess = true
}
} else if action == "delete-from-group" {
group := strings.Join(r.Form["group"], "")
modify_request := ldap.NewModifyRequest(group, nil)
modify_request.Delete("member", []string{dn})
err := login.conn.Modify(modify_request)
if err != nil {
dError = err.Error()
} else {
dSuccess = true
}
} else if action == "add-to-group" {
group := strings.Join(r.Form["group"], "")
modify_request := ldap.NewModifyRequest(group, nil)
modify_request.Add("member", []string{dn})
err := login.conn.Modify(modify_request)
if err != nil {
dError = err.Error()
} else {
dSuccess = true
}
} else if action == "delete-member" {
member := strings.Join(r.Form["member"], "")
modify_request := ldap.NewModifyRequest(dn, nil)
modify_request.Delete("member", []string{member})
err := login.conn.Modify(modify_request)
if err != nil {
dError = err.Error()
} else {
dSuccess = true
2020-02-09 21:06:33 +00:00
}
}
}
// Build path
path := []PathItem{
PathItem{
DN: config.BaseDN,
Identifier: config.BaseDN,
Active: dn == config.BaseDN,
},
}
len_base_dn := len(strings.Split(config.BaseDN, ","))
dn_split := strings.Split(dn, ",")
dn_last_attr := strings.Split(dn_split[0], "=")[0]
for i := len_base_dn + 1; i <= len(dn_split); i++ {
path = append(path, PathItem{
DN: strings.Join(dn_split[len(dn_split)-i:len(dn_split)], ","),
Identifier: dn_split[len(dn_split)-i],
Active: i == len(dn_split),
})
}
// Get object and parse it
searchRequest := ldap.NewSearchRequest(
dn,
ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(objectclass=*)"),
[]string{},
nil)
sr, err := login.conn.Search(searchRequest)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if len(sr.Entries) != 1 {
http.Error(w, fmt.Sprintf("%d objects found", len(sr.Entries)), http.StatusInternalServerError)
return
}
object := sr.Entries[0]
props := make(map[string]*PropValues)
for _, attr := range object.Attributes {
name_lower := strings.ToLower(attr.Name)
if name_lower != dn_last_attr {
if existing, ok := props[name_lower]; ok {
2020-02-09 21:06:33 +00:00
existing.Values = append(existing.Values, attr.Values...)
} else {
editable := true
for _, restricted := range []string{
"creatorsname", "modifiersname", "createtimestamp",
"modifytimestamp", "entryuuid",
} {
if strings.EqualFold(attr.Name, restricted) {
editable = false
break
}
}
props[name_lower] = &PropValues{
Name: attr.Name,
2020-02-09 21:06:33 +00:00
Values: attr.Values,
Editable: editable,
}
}
}
}
2020-02-09 21:32:59 +00:00
members_dn := []string{}
2020-02-09 21:06:33 +00:00
if mp, ok := props["member"]; ok {
2020-02-09 21:32:59 +00:00
members_dn = mp.Values
2020-02-09 21:06:33 +00:00
delete(props, "member")
}
2020-02-09 21:32:59 +00:00
members := []EntryName{}
if len(members_dn) > 0 {
mapDnToName := make(map[string]string)
searchRequest = ldap.NewSearchRequest(
config.UserBaseDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(objectClass=organizationalPerson)"),
[]string{"dn", "displayname"},
nil)
sr, err := login.conn.Search(searchRequest)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
for _, ent := range sr.Entries {
mapDnToName[ent.DN] = ent.GetAttributeValue("displayname")
}
for _, memdn := range members_dn {
members = append(members, EntryName{
DN: memdn,
DisplayName: mapDnToName[memdn],
})
}
}
groups_dn := []string{}
2020-02-09 21:06:33 +00:00
if gp, ok := props["memberof"]; ok {
2020-02-09 21:32:59 +00:00
groups_dn = gp.Values
2020-02-09 21:06:33 +00:00
delete(props, "memberof")
}
2020-02-09 21:32:59 +00:00
groups := []EntryName{}
if len(groups_dn) > 0 {
mapDnToName := make(map[string]string)
searchRequest = ldap.NewSearchRequest(
config.GroupBaseDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(objectClass=groupOfNames)"),
[]string{"dn", "displayname"},
nil)
sr, err := login.conn.Search(searchRequest)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
for _, ent := range sr.Entries {
mapDnToName[ent.DN] = ent.GetAttributeValue("displayname")
}
for _, grpdn := range groups_dn {
groups = append(groups, EntryName{
DN: grpdn,
DisplayName: mapDnToName[grpdn],
})
}
}
2020-02-09 21:06:33 +00:00
// Get children
searchRequest = ldap.NewSearchRequest(
dn,
ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(objectclass=*)"),
[]string{"dn", "displayname"},
nil)
sr, err = login.conn.Search(searchRequest)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
sort.Sort(EntryList(sr.Entries))
children := []Child{}
for _, item := range sr.Entries {
children = append(children, Child{
DN: item.DN,
Identifier: strings.Split(item.DN, ",")[0],
DisplayName: item.GetAttributeValue("displayname"),
})
}
// Checkup objectclass
objectClass := []string{}
if val, ok := props["objectclass"]; ok {
objectClass = val.Values
}
hasMembers, hasGroups := false, false
for _, oc := range objectClass {
if strings.EqualFold(oc, "organizationalperson") || strings.EqualFold(oc, "person") {
hasGroups = true
}
if strings.EqualFold(oc, "groupOfNames") {
hasMembers = true
}
}
2020-02-09 21:06:33 +00:00
templateAdminLDAP.Execute(w, &AdminLDAPTplData{
DN: dn,
Path: path,
Children: children,
Props: props,
HasMembers: len(members) > 0 || hasMembers,
2020-02-09 21:06:33 +00:00
Members: members,
HasGroups: len(groups) > 0 || hasGroups,
2020-02-09 21:06:33 +00:00
Groups: groups,
2020-02-09 21:32:59 +00:00
Error: dError,
Success: dSuccess,
2020-02-09 21:06:33 +00:00
})
2020-02-09 17:28:42 +00:00
}