MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'pr-8946' into develop

composer_fix
Sami Mokaddem 2023-03-10 11:19:42 +01:00
parent 92c29436d4 b2ad8fc687
commit a78b2d7b77
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
3 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
app/Config/config.default.php
View File

@ -213,12 +213,13 @@ $config = array(
// Warning: The following is a 3rd party contribution and still untested (including security) by the MISP-project team. // Warning: The following is a 3rd party contribution and still untested (including security) by the MISP-project team.
// Feel free to enable it and report back to us if you run into any issues. // Feel free to enable it and report back to us if you run into any issues.
// //
// Uncomment the following to enable Kerberos authentication // Uncomment the following to enable Kerberos/LDAP authentication
// needs PHP LDAP support enabled (e.g. compile flag --with-ldap or Debian package php5-ldap) // needs PHP LDAP support enabled (e.g. compile flag --with-ldap or Debian package php5-ldap)
/* /*
'ApacheSecureAuth' => array( // Configuration for kerberos authentication 'ApacheSecureAuth' => array( // Configuration for kerberos/LDAP authentication
'apacheEnv' => 'REMOTE_USER', // If proxy variable = HTTP_REMOTE_USER, If BasicAuth ldap = PHP_AUTH_USER 'apacheEnv' => 'REMOTE_USER', // If proxy variable = HTTP_REMOTE_USER, If BasicAuth ldap = PHP_AUTH_USER
'ldapServer' => 'ldap://example.com', // FQDN or IP 'ldapServer' => 'ldap://example.com', // FQDN or IP, ldap:// for LDAP or LDAP+STARTTLS, ldaps:// for LDAPS
'starttls' => true, // true for STARTTLS, ignored for LDAPS
'ldapProtocol' => 3, 'ldapProtocol' => 3,
'ldapNetworkTimeout' => -1, // use -1 for unlimited network timeout 'ldapNetworkTimeout' => -1, // use -1 for unlimited network timeout
'ldapReaderUser' => 'cn=userWithReadAccess,ou=users,dc=example,dc=com', // DN ou RDN LDAP with reader user right 'ldapReaderUser' => 'cn=userWithReadAccess,ou=users,dc=example,dc=com', // DN ou RDN LDAP with reader user right

2
app/Console/Command/Ls22Shell.php
View File

@ -122,7 +122,7 @@ class Ls22Shell extends AppShell
'short' => 's', 'short' => 's',
'required' => true 'required' => true
], ],
'json' => [ 'value' => [
'help' => 'The value to set for the given setting', 'help' => 'The value to set for the given setting',
'short' => 'v', 'short' => 'v',
'required' => true 'required' => true

13
app/Controller/Component/Auth/ApacheAuthenticate.php
View File

@ -38,10 +38,10 @@ class ApacheAuthenticate extends BaseAuthenticate
} }
return $returnCode; return $returnCode;
} }
private function getEmailAddress($ldapEmailField, $ldapUserData) private function getEmailAddress($ldapEmailField, $ldapUserData)
{ {
// return the email address of an LDAP user if one of the fields in $ldapEmaiLField exists // return the email address of an LDAP user if one of the fields in $ldapEmaiLField exists
foreach($ldapEmailField as $field) { foreach($ldapEmailField as $field) {
if (isset($ldapUserData[0][$field][0])) { if (isset($ldapUserData[0][$field][0])) {
return $ldapUserData[0][$field][0]; return $ldapUserData[0][$field][0];
@ -73,6 +73,14 @@ class ApacheAuthenticate extends BaseAuthenticate
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, Configure::read('ApacheSecureAuth.ldapProtocol')); ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, Configure::read('ApacheSecureAuth.ldapProtocol'));
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, Configure::read('ApacheSecureAuth.ldapAllowReferrals', true)); ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, Configure::read('ApacheSecureAuth.ldapAllowReferrals', true));
if (Configure::read('ApacheSecureAuth.starttls', false) == true) {
# Default is false, sine STARTTLS support is a new feature
# Ignored on ldaps://, but can trigger problems for orgs
# using unencrypted LDAP. Loose comparison allows users to
# use # true / 1 / etc.
ldap_start_tls($ldapconn);
}
if ($ldapconn) { if ($ldapconn) {
// LDAP bind // LDAP bind
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass); $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
@ -105,7 +113,6 @@ class ApacheAuthenticate extends BaseAuthenticate
} else { } else {
die("User not found in LDAP"); die("User not found in LDAP");
} }
// close LDAP connection // close LDAP connection
ldap_close($ldapconn); ldap_close($ldapconn);
} }