Removing authentication

  • Removing authentication

    Hello,

    I would like to remove authentication from Oreon and log in directly with all privileges. My version is 1.4, but I have no idea how to do it. I can't find anything in the interface. Does it have to be done by hand???

    Thanks.
    Ced

  • #2
    I think it's impossible, and I think that would be normal. Why do you want to do that? At worst you save the password; you have one button to click at the start of the day.
    Master's in Information Systems Security
    Nagios v2.9 ||Nagios-plugins 1.4.9 || snmp v2c || Oreon 1.4 INside || ODS || 59 hosts && 128 services
    || Nagios Checker


    [email protected] vs Jonhbob, the clash of the GDRs ^^


    • #3
      We can generate an autologin link for you if you like?
      Romain Le Merlus
      Centreon Forge
      MERETHIS


      • #4
        Hello,

        Thank you for your replies. To briefly explain the purpose of this: I have integrated Oreon, Cacti and Nagios into a monitoring platform specific to the company, and that platform is itself protected by a login/password pair.
        Since the users do not want to type and know all these passwords, I had to remove authentication from Nagios (only a .htaccess, so easy), from Cacti (possible via the interface) and from Oreon (harder).

        So, for information, I managed it by hacking the PHP (no bugs so far, at any rate). I'm making it available in case it's useful to someone (although that would surprise me, hehe):

        First, in /usr/local/oreon/www/index.php (line 226), add the login/password pair you want to use:

        Code:
                if (isset($_SESSION["oreon"])) {        // already connected
                        $oreon = & $_SESSION["oreon"];
                        $pearDB->query("DELETE FROM session WHERE session_id = '".session_id()."'");
                        Session::stop();
                        Session::start();
                }
        
                if (isset($_POST["submit"]) || (isset($_GET["autologin"]) && isset($_GET["p"]) && $_GET["autologin"])) {
                        require_once("DBconnect.php");
                        isset($_GET["useralias"]) ? $useraliasG = $_GET["useralias"] : $useraliasG = NULL;
                        isset($_POST["useralias"]) ? $useraliasP = $_POST["useralias"] : $useraliasP = NULL;
        
        $useraliasP="monLOGIN";
        
                        $useraliasG ? $useralias = $useraliasG : $useralias = $useraliasP;
                        isset($_GET["password"]) ? $passwordG = $_GET["password"] : $passwordG = NULL;
                        isset($_POST["password"]) ? $passwordP = $_POST["password"] : $passwordP = NULL;
        
        $passwordG = "monMDP";
        
                        $passwordG ? $password = $passwordG : $password = $passwordP;
                        # BugFix  #224
                        $password = ($password == '' ? time() : $password  );
                    #
        
                        if (!isset($_POST["submit"]))
                                $res =& $pearDB->query("SELECT * FROM contact WHERE MD5(contact_alias)='".htmlentities($useralias, ENT_QUOTES)."' AND contact_activa$
                        else
                                $res =& $pearDB->query("SELECT * FROM contact WHERE contact_alias='".htmlentities($useralias, ENT_QUOTES)."' AND contact_activate = $


        • #5
          Then remove all the conditions tied to submit (the validation button), keeping only the "else" branches (here, in bold, what needs to be removed):

          Code:
           if (!file_exists("./oreon.conf.php"))
                          header("Location: ./install/setup.php");
                  else if (file_exists("./oreon.conf.php") && is_dir('install'))
                          header("Location: ./install/upgrade.php");
                  else
                          require_once ("./oreon.conf.php");
          
                  require_once ("$classdir/Session.class.php");
                  require_once ("$classdir/Oreon.class.php");
                  require_once("DBconnect.php");
          
                  // detect installation dir
                  $file_install_acces = 0;
                  if (file_exists("./install/setup.php")){
                          $error_msg = "Installation Directory '". getcwd() ."/install/' is accessible. Delete this directory to prevent security problem.";
                          $file_install_acces = 1;
                  }
          
                  ini_set("session.gc_maxlifetime", "31536000");
          
                  Session::start();
                  if (isset($_GET["disconnect"])) {
                          $oreon = & $_SESSION["oreon"];
                          $pearDB->query("DELETE FROM session WHERE session_id = '".session_id()."'");
                          Session::stop();
                          Session::start();
                  }
          
                  if (isset($_SESSION["oreon"])) {        // already connected
                          $oreon = & $_SESSION["oreon"];
                          $pearDB->query("DELETE FROM session WHERE session_id = '".session_id()."'");
                          Session::stop();
                          Session::start();
                  }
          
          //      if (isset($_POST["submit"]) || (isset($_GET["autologin"]) && isset($_GET["p"]) && $_GET["autologin"])) {
                          require_once("DBconnect.php");
                          isset($_GET["useralias"]) ? $useraliasG = $_GET["useralias"] : $useraliasG = NULL;
                          isset($_POST["useralias"]) ? $useraliasP = $_POST["useralias"] : $useraliasP = NULL;
          
          $useraliasP="monLOGIN";
          
                          $useraliasG ? $useralias = $useraliasG : $useralias = $useraliasP;
                          isset($_GET["password"]) ? $passwordG = $_GET["password"] : $passwordG = NULL;
                          isset($_POST["password"]) ? $passwordP = $_POST["password"] : $passwordP = NULL;
          
          $passwordG = "monMDP";
          
                          $passwordG ? $password = $passwordG : $password = $passwordP;
                          # BugFix  #224
                          $password = ($password == '' ? time() : $password  );
                      #
          
          //              if (!isset($_POST["submit"]))
          //                      $res =& $pearDB->query("SELECT * FROM contact WHERE MD5(contact_alias)='".htmlentities($useralias, ENT_QUOTES)."' AND contact_activate = '1' LIMIT 1");
          //              else
                                  $res =& $pearDB->query("SELECT * FROM contact WHERE contact_alias='".htmlentities($useralias, ENT_QUOTES)."' AND contact_activate = '1' LIMIT 1");
          
                          if($res->numRows()) {
                                  $contact = $res->fetchRow();
                                          if ($contact["contact_oreon"]){
                                                  $res =& $pearDB->query("SELECT debug_path, debug_auth  FROM general_opt LIMIT 1");
                                                  if (PEAR::isError($res))
                                                  die($res->getMessage());
                                          $debug = $res->fetchRow();
                                          $res =& $pearDB->query("SELECT ldap_host, ldap_port, ldap_base_dn, ldap_login_attrib, ldap_ssl, ldap_auth_enable FROM general_opt LIMIT 1");
                                          $ldap_auth = $res->fetchRow();
                                          $debug_auth = $debug['debug_auth'];
                                          $debug_path = $debug['debug_path'];
                                          if (!isset($debug_auth))
                                                  $debug_auth = 0;
                                          $connect = true;
                                          $fallback = false;
                                          if ($ldap_auth['ldap_auth_enable'] == 1 && $contact['contact_auth_type'] == "ldap" ) {
                                                  $connect = true;
          
                                                  # BugFix  #265
                                                  if  ((!(isset($contact['contact_ldap_dn'] )) || $contact['contact_ldap_dn']  == '' ) ) {
                                                          $contact['contact_ldap_dn']  = "anonymous" ;
                                                          if ($debug_auth == 1)
                                                                  error_log("[" . date("d/m/Y H:s") ."] LDAP User Mapping : ". $useralias ." don't have LDAP DN information ! Switching to anonymous\n", 3, $debug_path."auth.log");
                                                  }
                                                  #
          
                                                  if ($debug_auth == 1)
                                                          error_log("[" . date("d/m/Y H:s") ."] LDAP User Mapping : ". $useralias ." => " . $contact['contact_ldap_dn'] . "\n", 3, $debug_path."auth.log");
          
                                                  if ($ldap_auth['ldap_ssl'])
                                                          $ldapuri = "ldaps://" ;
                                                  else
                                                          $ldapuri = "ldap://" ;
          
                                                  $ds = ldap_connect($ldapuri . $ldap_auth['ldap_host'].":".$ldap_auth['ldap_port']);
                                                  if ($debug_auth == 1)
                                                          error_log("[" . date("d/m/Y H:s") ."] LDAP Auth Cnx  : ". $ldapuri . $ldap_auth['ldap_host'].":".$ldap_auth['ldap_port']  ." : " . ldap_error($ds) . " (" . ldap_errno($ds) . ")" . "\n", 3, $debug_path."auth.log");
                                                  @ldap_bind($ds, $contact['contact_ldap_dn'], $password);
                                                  if ($debug_auth == 1)
                                                          error_log("[" . date("d/m/Y H:s") ."] LDAP AUTH Bind : ". $contact['contact_ldap_dn'] ." : " . ldap_error($ds) . " (" . ldap_errno($ds) . ")" . "\n", 3, $debug_path."auth.log");
          
                                                  /* In some case, we fallback to local Auth
                                                    0 : Bind succesfull => Default case
                                                   -1 : Can't contact LDAP server (php4) => Fallback
                                                   51 : Server is busy => Fallback
                                                   52 : Server is unavailable => Fallback
                                                   81 : Can't contact LDAP server (php5) => Fallback
                                                   Else : Go away !!
                                                  */
                                                  if ($ds) {
                                                          switch (ldap_errno($ds)) {
                                                          case 0:
                                                             $connect = true;
                                                             $fallback = false;
                                                                  if ($debug_auth == 1)
                                                                          error_log("[" . date("d/m/Y H:s") ."] LDAP AUTH : OK, let's go to Local AUTH\n", 3, $debug_path."auth.log");
                                                             break;


          • #6
            Rest of the file (lol):

            Code:
            case -1:
                                                            case 51:
                                                            case 52:
                                                            case 81:
                                                                    $connect = false;
                                                                    $fallback = true;
                                                                    if ($debug_auth == 1)
                                                                            error_log("[" . date("d/m/Y H:s") ."] LDAP AUTH : Error, Fallback to Local AUTH\n", 3, $debug_path."auth.log");
                                                               break;
                                                            default:
                                                               $connect = false;
                                                               $fallback = false;
                                                               if ($debug_auth == 1)
                                                                            error_log("[" . date("d/m/Y H:s") ."] LDAP AUTH : LDAP don't like you, sorry \n", 3, $debug_path."auth.log");
                                                               break;
                                                            }
            
                                                    //if ($ds && ((ldap_errno($ds) == 0 ) || (ldap_errno($ds) == -1 )  || (ldap_errno($ds) == 51 ) || (ldap_errno($ds) == 52 ) || (ldap_errno($ds) == 81 ) )) {
                                                    //      $connect = true;
                                                    //      if ($debug_auth == 1)
                                                    //              error_log("[" . date("d/m/Y H:s") ."] LDAP AUTH : OK, let's go to Local AUTH\n", 3, $debug_path."auth.log");
                                                    } else {
                                                            $connect = false;
                                                            $fallback = false;
                                                    }
                                                    ldap_close($ds);
                                            }
                                            $res->free();
                                            //update password in mysql database to provide login even if there is LDAP connection
            //                              if (isset($_POST["submit"]) && $ldap_auth['ldap_auth_enable'] == 1 && $contact['contact_auth_type'] == "ldap" && $connect && !$fallback) {
            //                                      $pearDB->query("UPDATE contact set contact_passwd = '".md5($password)."' WHERE contact_alias ='".$useralias."' ");
            //                                      if ($debug_auth == 1)
            //                                              error_log("[" . date("d/m/Y H:s") ."] LDAP AUTH : Local password updated with LDAP password for $useralias \n", 3, $debug_path."auth.log");
            //                              }
                                            if ($connect || $fallback) {
                                                    if ($debug_auth == 1)
                                                            error_log("[" . date("d/m/Y H:s") ."] Local AUTH : Local Auth or LDAP Fallback\n", 3, $debug_path."auth.log");
                                                    // Autologin case => contact_alias is MD5 format
            //                                      if (!isset($_POST["submit"]))
            //                                              $res =& $pearDB->query("SELECT * FROM contact WHERE MD5(contact_alias)='".htmlentities($useralias, ENT_QUOTES)."' and contact_passwd='".htmlentities($password, ENT_QUOTES)."' AND contact_activate = '1' LIMIT 1");
                                                    // Normal auth
            //                                      else
                                                            $res =& $pearDB->query("SELECT * FROM contact WHERE contact_alias='".htmlentities($useralias, ENT_QUOTES)."' and contact_passwd='".md5(htmlentities($password, ENT_QUOTES))."' AND contact_activate = '1' LIMIT 1");
                                                    if ($res->numRows() ) {
                                                            if ($debug_auth == 1)
                                                                    error_log("[" . date("d/m/Y H:s") ."] Local AUTH : User " . $useralias ." Successfully authentificated\n", 3, $debug_path."auth.log");
                                                            global $oreon;
                                                            $res2 =& $pearDB->query("SELECT nagios_version FROM general_opt");
                                                            $version = $res2->fetchRow();
                                                            $user =& new User($res->fetchRow(), $version["nagios_version"]);
                                                            //$user->createLCA($pearDB);
                                                            $oreon = new Oreon($user);
                                                            $_SESSION["oreon"] =& $oreon;
                                                            $res =& $pearDB->query("SELECT session_expire FROM general_opt LIMIT 1");
                                                            $session_expire =& $res->fetchRow();
                                                            $res =& $pearDB->query("SELECT * FROM session");
                                                            while ($session =& $res->fetchRow())
                                                                    if ($session["last_reload"] + ($session_expire["session_expire"] * 60) <= time())
                                                                            $pearDB->query("DELETE FROM session WHERE session_id = '".$session["session_id"]."'");
                                                                    $pearDB->query("INSERT INTO `session` (`session_id` , `user_id` , `current_page` , `last_reload`, `ip_address`) VALUES ('".session_id()."', '".$oreon->user->user_id."', '1', '".time()."', '".$_SERVER["REMOTE_ADDR"]."')");
            //                                              if (!isset($_POST["submit"]))   {
            //                                                      $args = NULL;
            //                                                      foreach($_GET as $key=>$value)
            //                                                              $args ? $args .= "&".$key."=".$value : $args = $key."=".$value;
            //                                                      header("Location: ./oreon.php?".$args."");
            //                                              }
            //                                              else
                                                                    header("Location: ./oreon.php");
                                                            $connect = true;
                                                    }
                                            }
                                    }
                            }
            //      }
            
                    $res =& $pearDB->query("SELECT template FROM general_opt LIMIT 1");
                    $res->fetchInto($data);
                    $skin = "./Themes/".$data["template"]."/";
            
            ?>
            There you go. Being a small-time developer, this may have been thrown together, but well ... it seems to work.
            Sorry to the Oreon developers, but you know ... business needs ... In any case, congratulations on this magnificent code, it is very well made; I quickly found my bearings.

            Thanks.
            Ced
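
Added example, not part of the thread and not Oreon code: a small Python check that flags the pattern used in the modified index.php above, where a variable read from `$_GET`/`$_POST` is afterwards overwritten with a string literal, leaving a plaintext credential in the source. The function name, the regexes and the sample lines are constructed for illustration, and the sample credentials are placeholders.

```python
import re

# A variable populated from request input, e.g. "... $passwordG = $_GET["password"] ..."
REQUEST_ASSIGN = re.compile(r'(\$\w+)\s*=\s*\$_(?:GET|POST|REQUEST)\s*\[')
# A whole statement that pins a variable to a string literal: $var = "literal";
LITERAL_ASSIGN = re.compile(r'^\s*(\$\w+)\s*=\s*(["\'])(.*?)\2\s*;\s*$')
# Lines that are entirely a PHP comment are ignored.
COMMENT = re.compile(r'^\s*(//|#|\*|/\*)')


def find_pinned_request_vars(php_source):
    """Return (line_no, variable, literal_length) for every variable that is
    first read from the request and later overwritten with a non-empty
    string literal. Only the literal's length is reported, so the scan
    output never repeats the credential itself."""
    request_fed = {}  # variable -> line where it was first read from the request
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        if COMMENT.match(line):
            continue
        for var in REQUEST_ASSIGN.findall(line):
            request_fed.setdefault(var, line_no)
        m = LITERAL_ASSIGN.match(line)
        if m and m.group(1) in request_fed and m.group(3):
            findings.append((line_no, m.group(1), len(m.group(3))))
    return findings


# Constructed sample modelled on the modified login block; values are placeholders.
SAMPLE = '''\
isset($_GET["useralias"]) ? $useraliasG = $_GET["useralias"] : $useraliasG = NULL;
isset($_POST["useralias"]) ? $useraliasP = $_POST["useralias"] : $useraliasP = NULL;
$useraliasP="example-login";
$useraliasG ? $useralias = $useraliasG : $useralias = $useraliasP;
isset($_GET["password"]) ? $passwordG = $_GET["password"] : $passwordG = NULL;
isset($_POST["password"]) ? $passwordP = $_POST["password"] : $passwordP = NULL;
$passwordG = "example-password";
// $passwordP = "commented-out";
$skin = "./Themes/";
'''

if __name__ == "__main__":
    for line_no, var, length in find_pinned_request_vars(SAMPLE):
        print(f"line {line_no}: {var} overwritten with a {length}-character literal")
```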
