From 5946118e6df0042d9380d0043c23a2b2ea184f58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jens=20Mei=C3=9Fner?=
Date: Sun, 15 Oct 2017 13:59:12 +0200
Subject: [PATCH] Add basic LDAP support.
---
api/index.php | 60 +++++++++++++++++++++++++++------------
config/config-default.php | 3 ++
2 files changed, 45 insertions(+), 18 deletions(-)
diff --git a/api/index.php b/api/index.php
index e578f41..22b51f9 100644
--- a/api/index.php
+++ b/api/index.php
@@ -17,24 +17,48 @@ require_once '../config/config-default.php';
 require_once '../lib/database.php';
 $input = json_decode(file_get_contents('php://input'));
-$stmt = $db->prepare("SELECT id,password,type FROM users WHERE name=:name LIMIT 1");
-$stmt->bindValue(':name', $input->user, PDO::PARAM_STR);
-$stmt->execute();
-$stmt->bindColumn('id', $id);
-$stmt->bindColumn('password', $password);
-$stmt->bindColumn('type', $type);
-$stmt->fetch(PDO::FETCH_BOUND);
-if (password_verify($input->password, $password)) {
- $retval['status'] = "success";
- session_start();
- $_SESSION['id'] = $id;
- $_SESSION['type'] = $type;
- $randomSecret = base64_encode(openssl_random_pseudo_bytes(32));
- $_SESSION['secret'] = $randomSecret;
- setcookie("authSecret", $randomSecret, 0, "/", "", false, true);
- $csrfToken = base64_encode(openssl_random_pseudo_bytes(32));
- $_SESSION['csrfToken'] = $csrfToken;
+if ($config['auth_type'] == 'db') {
+ $stmt = $db->prepare('SELECT id,password,type FROM users WHERE name=:name LIMIT 1');
+ $stmt->bindValue(':name', $input->user, PDO::PARAM_STR);
+ $stmt->execute();
+ $stmt->bindColumn('id', $id);
+ $stmt->bindColumn('password', $password);
+ $stmt->bindColumn('type', $type);
+ $stmt->fetch(PDO::FETCH_BOUND);
+ if (password_verify($input->password, $password)) {
+ $retval['status'] = 'success';
+ session_start();
+ $_SESSION['id'] = $id;
+ $_SESSION['type'] = $type;
+ $randomSecret = base64_encode(openssl_random_pseudo_bytes(32));
+ $_SESSION['secret'] = $randomSecret;
+ setcookie('authSecret', $randomSecret, 0, '/', '', false, true);
+ $csrfToken = base64_encode(openssl_random_pseudo_bytes(32));
+ $_SESSION['csrfToken'] = $csrfToken;
+ } else {
+ $retval['status'] = 'fail';
+ }
+} elseif ($config['auth_type'] == 'ldap') {
+ $ldap = @ldap_connect($config['ldap_uri']);
+ @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+ @ldap_bind($ldap, $config['ldap_bind_dn'], $config['ldap_bind_pw']);
+ $filter = str_replace('%user%', $input->user, $config['ldap_search']);
+ $result = @ldap_search($ldap, $config['ldap_base_dn'], $filter, array('dn'));
+ $dn = @ldap_get_dn($ldap, ldap_first_entry($ldap, $result));
+ if (@ldap_bind($ldap, $dn, $input->password)) {
+ $retval['status'] = 'success';
+ session_start();
+ $_SESSION['id'] = 0;
+ $_SESSION['type'] = 'admin';
+ $randomSecret = base64_encode(openssl_random_pseudo_bytes(32));
+ $_SESSION['secret'] = $randomSecret;
+ setcookie('authSecret', $randomSecret, 0, '/', '', false, true);
+ $csrfToken = base64_encode(openssl_random_pseudo_bytes(32));
+ $_SESSION['csrfToken'] = $csrfToken;
+ } else {
+ $retval['status'] = 'fail';
+ }
 } else {
- $retval['status'] = "fail";
+ $retval['status'] = 'fail';
 }
 echo json_encode($retval);
diff --git a/config/config-default.php b/config/config-default.php
index fe95ef6..9e6fe93 100644
--- a/config/config-default.php
+++ b/config/config-default.php
@@ -23,6 +23,9 @@ $config['db_password'] = "";
 $config['db_port'] = 3306;
 $config['db_name'] = "pdnsmanager";
+// Authentication source
+$config['auth_type'] = 'db';
+
 //Remote update
 $config['nonce_lifetime'] = 15;
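Review bot: In the `ldap` branch of api/index.php the login succeeds whenever the second `ldap_bind()` returns true, yet nothing checks that `$input->password` is a non-empty string or that the search returned an entry, so on a directory that permits unauthenticated simple binds (a DN with an empty password) a request with a missing or empty password would be accepted, and every accepted bind gets `$_SESSION['type'] = 'admin'`. `$input->user` is also substituted into `$config['ldap_search']` unescaped, so the caller can change the filter's structure; it should go through `ldap_escape()` with `LDAP_ESCAPE_FILTER` (PHP 5.6+). The `@` prefixes on connect, service bind and search hide failures, and the code continues with `false` values instead of failing closed. Transport protection depends on `$config['ldap_uri']`, whose value is not visible here; if plain `ldap://` is possible, `ldap_start_tls()` before the first bind is worth adding. A sketch of the stricter flow follows, with the session set-up left as it is.

```php
} elseif ($config['auth_type'] == 'ldap') {
    $retval['status'] = 'fail';
    $user = isset($input->user) && is_string($input->user) ? $input->user : '';
    $pass = isset($input->password) && is_string($input->password) ? $input->password : '';
    // An empty password would turn the user bind into an unauthenticated bind.
    if ($user !== '' && $pass !== '') {
        $ldap = ldap_connect($config['ldap_uri']);
        if ($ldap !== false
            && ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3)
            && @ldap_bind($ldap, $config['ldap_bind_dn'], $config['ldap_bind_pw'])) {
            $escaped = ldap_escape($user, '', LDAP_ESCAPE_FILTER);
            $filter = str_replace('%user%', $escaped, $config['ldap_search']);
            $result = @ldap_search($ldap, $config['ldap_base_dn'], $filter, array('dn'));
            // Fail closed unless the filter matched exactly one entry.
            if ($result !== false && ldap_count_entries($ldap, $result) === 1) {
                $dn = ldap_get_dn($ldap, ldap_first_entry($ldap, $result));
                if (is_string($dn) && $dn !== '' && @ldap_bind($ldap, $dn, $pass)) {
                    $retval['status'] = 'success';
                    // … unchanged: session, authSecret cookie and csrfToken set-up …
                }
            }
        }
    }
// … unchanged: closing "} else {" fallback branch …
```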
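Review bot: Only `auth_type` gets a default in config/config-default.php, while the LDAP branch added to api/index.php reads `ldap_uri`, `ldap_bind_dn`, `ldap_bind_pw`, `ldap_base_dn` and `ldap_search`, none of which are declared or documented in this hunk. An operator switching to `'ldap'` has no template for them, and because most of those reads sit behind `@` a missing key would surface as a silent login failure rather than a configuration error. I would add commented defaults next to `auth_type`, for example `$config['ldap_uri'] = 'ldaps://ldap.example.com';` and `$config['ldap_search'] = '(uid=%user%)';` (constructed sample values), with a comment such as `// every entry matched by ldap_search is logged in as admin; restrict the filter accordingly`.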