<?php
       
//------------------------------------------------------------------------------
//  Licensed Materials - Property of IBM
//  (c) Copyright IBM Corporation 2001,2002 All Rights Reserved.
//  US Government Users Restricted Rights - Use, duplication or disclosure 
//  restricted by GSA ADP Schedule Contract with IBM Corp.
//------------------------------------------------------------------------------
//  Set LDAP Settings
//  
//  Filename:  ma_ldap_set.htm
// 
//
//  Input:  POST data
//      url             original request page
//      errorCode       result of operation
//      returnMessage   text information about the operation results     
//
//  Ouput:  POST ('form_out')
//
//      url             original request page
//      
//  Change History:
//      
//  Date        Defect  Changed By  Description of Change
//  ----        ------  ----------  ---------------------
//  07/11/2006          rwinston    File Created
//  09/07/2012  1832    dagalleg    Add support for super user using LDAP
//  09/24/2012  1829    dagalleg    Add SNMP audit logging.  
//
//------------------------------------------------------------------------------

    include('main_inc.htm');
    include('common_admin_inc.htm');
    
    $ldap_kt = "";

    class CLDAP_info
    {
        var $enabled;
        var $lib_ug;
        var $lib_ag;
        var $principal;
        var $credential;
        var $repository_uri;
        var $user_dn;
        var $group_dn;
        var $domain;
		var $use_start_tls;
		var $lib_sg;
		

        function CLDAP_info($enabled, $lib_ug, $lib_ag, $principal, $credential, $repository_uri, $user_dn, $group_dn, $domain, $use_start_tls, $lib_sg)
        {
            $this->enabled = $enabled;
            $this->lib_ug = $lib_ug;
            $this->lib_ag = $lib_ag;
            $this->principal = $principal;
            $this->credential = $credential;
            $this->repository_uri = $repository_uri;
            $this->user_dn = $user_dn;
            $this->group_dn = $group_dn;
            $this->domain = $domain;
			$this->use_start_tls = $use_start_tls;
			$this->lib_sg = $lib_sg;
        }
    };

    class CKRB5_info
    {
        var $enabled;
        var $realm;
        var $kdc;
        var $mappings;
        var $kt;

        function CKRB5_info($enabled, $realm, $kdc, $mappings, $kt)
        {
            $this->enabled = $enabled;
            $this->realm = $realm;
            $this->kdc = $kdc;
            $this->mappings = $mappings;
            $this->kt = $kt;
        }
    };

    //initialize variables
    $errorCode = 0;
    $returnMessage = " ";
    $url = " ";
    
    // if this is a post, then this is a request for work to be done
    if ($_SERVER['REQUEST_METHOD'] == "POST")
    {
        $url = $_REQUEST['url'];

        if($_REQUEST['test_ldap'] == "1" )
        {
			$userToTest = $_REQUEST['userToTest'];
			$passToTest = $_REQUEST['passToTest'];
            error_log("LDAP test, userToTest: ".$userToTest);
            $testError = test_ldap($user, $userToTest, $passToTest);
            error_log("LDAP test, result: ".$testError);

            if(!$testError)
            {
                $returnMessage = "The LDAP Connection Test was successfully completed.";
            }
            else
            {
                $returnMessage = "The LDAP Connection Test did not complete successfully. Please check settings and try again.";
            }
        }
        else
        {
        	if(strcmp($_REQUEST['tls'], "on") == 0)
        	{
        		$tls = 1;
        	}
        	else
        	{
        		$tls = 0;
        	}
        	
        	if(strcmp($_REQUEST['removecert'], "on") == 0)
        	{
        		$removecert = true;
        	}
        	else
        	{
        		$removecert = false;
        	}
        	
			$ldap_kt = $_FILES['sslcert']['tmp_name'];
        	
        	if((is_uploaded_file($ldap_kt)) || (strcmp($ldap_kt, "") == 0))
            {
				$ldap_info = new CLDAP_info(1,
	                                        $_REQUEST['lib_ug'],
	                                        $_REQUEST['lib_ag'],
	                                        $_REQUEST['principal'],
	                                        $_REQUEST['credential'],
	                                        $_REQUEST['repository_uri'],
	                                        $_REQUEST['user_dn'],
	                                        $_REQUEST['group_dn'],
	                                        "LDAP_DOMAIN",
											$tls,
											$_REQUEST['lib_sg']);
	
	            $krb5_info = new CKRB5_info(0, "", "", "", "");

				// if a TLS cert is added or removed the library will restart
	            set_ldap($user, $ldap_info, $removecert, $ldap_kt);
	            set_krb5($user, $krb5_info);
	            if(get_snmp_audit_logging_enabled($user) == '1')
        		{
					error_log("send_snmp_audit_logging_library_config_changed_trap");
					send_snmp_audit_logging_library_config_changed_trap($user, "A library configuration setting has been changed from the Web UI");
        		}
	            $returnMessage = "The LDAP Configuration was successfully updated.";
            }
            else
            {
                if (is_null($_FILES['sslcert']))
                {
                	$returnMessage = "The uploaded file exceeds the upload_max_filesize directive in php.ini";
                }
                else
                {
                    switch($_FILES['sslcert']['error'])
		            {
		                case UPLOAD_ERR_INI_SIZE:
		                    $returnMessage = "The uploaded file exceeds the upload_max_filesize directive in php.ini";
		                break;
		                case UPLOAD_ERR_FORM_SIZE:
		                    $returnMessage = "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form";
		                break;
		                case UPLOAD_ERR_PARTIAL:
		                    $returnMessage = "The uploaded file was only partially uploaded";
		                break;
		                case UPLOAD_ERR_NO_FILE:
		                    $returnMessage = "No file was uploaded";
		                break;
		                case UPLOAD_ERR_NO_TMP_DIR:
		                    $returnMessage = "Missing a temporary folder";
		                break;
		                case UPLOAD_ERR_CANT_WRITE:
		                    $returnMessage = "Failed to write file to disk";
		                break;
		                case UPLOAD_ERR_EXTENSION:
		                    $returnMessage = "File upload stopped by extension";
		                break;
		                default:
		                    $returnMessage = "Unknown upload error";
		                break;
		            }
                }
            }
        }
    }
?>
<!doctype html public "-//W3C//DTD HTML 3.2 Final//EN" "http://validator.w3.org/sgml-lib/sp-1.3/pubtext/HTML32.dtd">
<html dir="LTR" lang="en-us">
    <head>
        <title>Set LDAP Settings</title>
        <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
        <link href="css/3576.css" rel="stylesheet" type="text/css">
        <script src="utils.js" type="text/javascript">
        </script>
        <script type="text/javascript">
            function doWork()
            {
                // doWork is executed after all the php has completed and the work
                // (call to the extension) has been done, so submit the outgoing form
                // to the url passed in to this page (this is the return url)
                parent.stopTimer('<?=$returnMessage;?>', '<?=$url;?>');
                document.form_out.submit();
                
                return;
            }
        </script>
    </head>
    <body onload="javascript:doWork();" id="main">
    	<?
    		if($removecert || is_uploaded_file($ldap_kt))
    		{
    	?>
        		<form dir="ltr" id="form_out" method="POST" name="form_out" action="reboot_page.htm" target="_top">
        		<input id="operation" name="operation" type="hidden" value="sslchange">
				</form>
        <?
        	}
        	else
        	{
        ?>
        		<form dir="ltr" id="form_out" method="post" name="form_out" action="main_complete.htm" target="pretitlebar">
            		<input id="errorCode" name="errorCode" type="hidden" value="<?=$errorCode;?>">
            		<input id="url" name="url" type="hidden" value="<?=$url;?>">
            		<input id="returnMessage" name="returnMessage" type="hidden" value="<?=$returnMessage;?>">
        		</form>
		<?
			}
		?>
	</body>
</html>