Context Navigation

class.auth_ldap.inc.php @ 5371

Revision 5371, 11.1 KB checked in by brunocosta, 12 years ago (diff)
Ticket #2299 - Pega a msg para o usuário no atributo "usrworkleaveobs" no LDAP
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**************************************************************************\
3	* eGroupWare API - Auth from LDAP *
4	* This file written by Lars Kneschke <lkneschke@linux-at-work.de> *
5	* and Joseph Engo <jengo@phpgroupware.org> *
6	* Authentication based on LDAP Server *
7	* Copyright (C) 2000, 2001 Joseph Engo *
8	* Copyright (C) 2002, 2003 Lars Kneschke *
9	* -------------------------------------------------------------------------*
10	* This library is part of the eGroupWare API *
11	* http://www.egroupware.org/api *
12	* ------------------------------------------------------------------------ *
13	* This library is free software; you can redistribute it and/or modify it *
14	* under the terms of the GNU Lesser General Public License as published by *
15	* the Free Software Foundation; either version 2.1 of the License, *
16	* or any later version. *
17	* This library is distributed in the hope that it will be useful, but *
18	* WITHOUT ANY WARRANTY; without even the implied warranty of *
19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
20	* See the GNU Lesser General Public License for more details. *
21	* You should have received a copy of the GNU Lesser General Public License *
22	* along with this library; if not, write to the Free Software Foundation, *
23	* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
24	\**************************************************************************/
25
26
27	class auth_
28	{
29	var $previous_login = -1;
30
31	function authenticate($username, $passwd)
32	{
33	if (ereg('[()\|&=*,<>!~]',$username))
34	{
35	return False;
36	}
37
38	if(!$ldap = @ldap_connect($GLOBALS['phpgw_info']['server']['ldap_host']))
39	{
40	$GLOBALS['phpgw']->log->message('F-Abort, Failed connecting to LDAP server for authenication, execution stopped');
41	$GLOBALS['phpgw']->log->commit();
42	return False;
43	}
44
45	if($GLOBALS['phpgw_info']['server']['ldap_version3'])
46	{
47	ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
48	}
49
50	ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
51
52	/* Login with the LDAP Admin. User to find the User DN. */
53	if(!@ldap_bind($ldap, $GLOBALS['phpgw_info']['server']['ldap_root_dn'], $GLOBALS['phpgw_info']['server']['ldap_root_pw']))
54	{
55	return False;
56	}
57	/* find the dn for this uid, the uid is not always in the dn */
58	$attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber','usercertificate','usrworkleaveobs');
59	$filter = $GLOBALS['phpgw_info']['server']['ldap_search_filter'] ? $GLOBALS['phpgw_info']['server']['ldap_search_filter'] : '(uid=%user)';
60	$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['phpgw_info']['user']['domain']),$filter);
61
62	if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap')
63	{
64	$filter = "(&$filter(phpgwaccountstatus=A))";
65	}
66
67	$sri = ldap_search($ldap, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter, $attributes);
68	$allValues = ldap_get_entries($ldap, $sri);
69
70	if ($allValues['count'] > 0)
71	{
72	if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true)
73	{
74	if($allValues[0]['uid'][0] != $username)
75	{
76	return false;
77	}
78	}
79	if($_SESSION['login_certificate'])
80	{
81	# certificate not equal, not authenticate.
82	if($allValues[0]['usercertificate'][0] != $_SESSION['login_certificate'])
83	{
84	return false;
85	}
86	}
87	/* we only care about the first dn */
88	$userDN = $allValues[0]['dn'];
89	/*
90	generate a bogus password to pass if the user doesn't give us one
91	this gets around systems that are anonymous search enabled
92	*/
93	if (empty($passwd))
94	{
95	$passwd = crypt(microtime());
96	}
97	/* try to bind as the user with user suplied password */
98
99	if($allValues[0]['usrworkleaveobs'])
100	$GLOBALS['usrworkleaveobs'] = $allValues[0]['usrworkleaveobs'][0];
101
102	if (@ldap_bind($ldap, $userDN, $passwd))
103	{
104	if ($GLOBALS['phpgw_info']['server']['account_repository'] != 'ldap')
105	{
106	$account = CreateObject('phpgwapi.accounts',$username,'u');
107	if (!$account->account_id && $GLOBALS['phpgw_info']['server']['auto_create_acct'])
108	{
109	// create a global array with all availible info about that account
110	$GLOBALS['auto_create_acct'] = array();
111	foreach(array(
112	'givenname' => 'firstname',
113	'sn' => 'lastname',
114	'uidnumber' => 'id',
115	'mail' => 'email',
116	'gidnumber' => 'primary_group',
117	) as $ldap_name => $acct_name)
118	{
119	$GLOBALS['auto_create_acct'][$acct_name] =
120	$GLOBALS['phpgw']->translation->convert($allValues[0][$ldap_name][0],'utf-8');
121	}
122	return True;
123	}
124	$data = $account->read_repository();
125	return $data['status'] == 'A';
126	}
127	return True;
128	}else{
129	if(ldap_errno($ldap) == 53)
130	return 0;
131	}
132	}
133	/* dn not found or password wrong */
134	return False;
135	}
136
137	function change_password($old_passwd, $new_passwd, $_account_id='')
138	{
139	if ('' == $_account_id)
140	{
141	$username = $GLOBALS['phpgw_info']['user']['account_lid'];
142	}
143	else
144	{
145	$username = $GLOBALS['phpgw']->accounts->id2name($_account_id);
146	}
147	$filter = $GLOBALS['phpgw_info']['server']['ldap_search_filter'] ? $GLOBALS['phpgw_info']['server']['ldap_search_filter'] : '(uid=%user)';
148	$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['phpgw_info']['user']['domain']),$filter);
149
150	// LDAP Replication mode.
151	if ( (!empty($GLOBALS['phpgw_info']['server']['ldap_master_host'])) &&
152	(!empty($GLOBALS['phpgw_info']['server']['ldap_master_root_dn'])) &&
153	(!empty($GLOBALS['phpgw_info']['server']['ldap_master_root_pw'])) )
154	{
155	$ds = $GLOBALS['phpgw']->common->ldapConnect(
156	$GLOBALS['phpgw_info']['server']['ldap_master_host'],
157	$GLOBALS['phpgw_info']['server']['ldap_master_root_dn'],
158	$GLOBALS['phpgw_info']['server']['ldap_master_root_pw']
159	);
160	}
161	else
162	{
163	$ds = $GLOBALS['phpgw']->common->ldapConnect();
164	}
165
166	$sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter);
167	$allValues = ldap_get_entries($ds, $sri);
168	$entry['userpassword'] = $this->encrypt_password($new_passwd);
169	$entry['phpgwlastpasswdchange'] = time();
170
171	/* SAMBA Begin's*/
172	foreach ($allValues[0]['objectclass'] as $objectclass)
173	{
174	if ($objectclass == 'sambaSamAccount')
175	{
176	$entry['sambaLMPassword'] = exec( "/home/expressolivre/mkntpwd -L '{$new_passwd}'" );
177	$entry['sambaNTPassword'] = exec( "/home/expressolivre/mkntpwd -N '{$new_passwd}'" );
178	}
179	}
180	/* SAMBA End's*/
181
182	$dn = $allValues[0]['dn'];
183
184	/* userPasswordRFC2617 Begin's*/
185	$c = CreateObject('phpgwapi.config','expressoAdmin1_2');
186	$c->read_repository();
187	$current_config = $c->config_data;
188	if ($current_config['expressoAdmin_userPasswordRFC2617'] == 'true')
189	{
190	$realm = $current_config['expressoAdmin_realm_userPasswordRFC2617'];
191	$uid = $allValues[0]['uid'][0];
192	$password = $new_passwd;
193	$passUserRFC2617 = $realm . ': ' . md5("$uid:$realm:$password");
194
195	if ($allValues[0]['userpasswordrfc2617'][0] != '')
196	$entry['userPasswordRFC2617'] = $passUserRFC2617;
197	else
198	{
199	$ldap_add['userPasswordRFC2617'] = $passUserRFC2617;
200	if (!@ldap_mod_add($ds, $dn, $ldap_add))
201	{
202	return false;
203	}
204	}
205	}
206	/* userPasswordRFC2617 End's*/
207
208	if (!@ldap_modify($ds, $dn, $entry))
209	{
210	return false;
211	}
212	$GLOBALS['phpgw']->session->appsession('password','phpgwapi',base64_encode($new_passwd));
213	return $new_passwd;
214	}
215
216	function change_password_user ($old_passwd, $new_passwd, $dn, $referrals=false)
217	{
218	if ( (!empty($GLOBALS['phpgw_info']['server']['ldap_master_host'])) &&
219	(!empty($GLOBALS['phpgw_info']['server']['ldap_master_root_dn'])) &&
220	(!empty($GLOBALS['phpgw_info']['server']['ldap_master_root_pw'])) )
221	{
222	$ds = $GLOBALS['phpgw']->common->ldapConnect($GLOBALS['phpgw_info']['server']['ldap_master_host'],
223	$GLOBALS['phpgw_info']['server']['ldap_master_root_dn'],
224	$GLOBALS['phpgw_info']['server']['ldap_master_root_pw']);
225	}
226	else
227	{
228	$ds = $GLOBALS['phpgw']->common->ldapConnect();
229	}
230	if (!$ds)
231	{
232	$this->auth_reason = ldap_errno($ldap);
233	return False;
234	}
235	else
236	{
237	if ($referrals)
238	{
239	$this->passwd=$old_passwd;
240	$this->dn=$dn;
241	ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
242	ldap_set_option($ds, LDAP_OPT_REFERRALS, 1);
243	if($GLOBALS['phpgw_info']['server']['diretorioescravo'])
244	{
245	ldap_set_rebind_proc($ds, array($this, '_rebindProc'));
246	}
247	}
248	$modify["userpassword"]=$new_passwd;
249	if (!@ldap_bind($ds,$dn,$old_passwd))
250	{
251	if (!@ldap_mod_replace($ds,$dn,$modify))
252	{
253	$this->auth_reason = ldap_errno($ds);
254	return false;
255	}
256	else
257	{
258	$GLOBALS['phpgw']->session->appsession('password','phpgwapi',base64_encode($new_passwd));
259	return $new_passwd;
260	}
261	$this->auth_reason = ldap_errno($ds);
262	return False;
263	}
264	else
265	{
266	if (!ldap_mod_replace($ds,$dn,$modify))
267	{
268	$this->auth_reason = ldap_errno($ds);
269	return False;
270	}
271	else
272	{
273	$GLOBALS['phpgw']->session->appsession('password','phpgwapi',base64_encode($new_passwd));
274	return $new_passwd;
275	}
276	}
277	}
278	}
279
280
281	function update_lastlogin($_account_id, $ip)
282	{
283	if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap')
284	{
285	$entry['phpgwaccountlastlogin'] = time();
286	$entry['phpgwaccountlastloginfrom'] = $ip;
287
288	$ds = $GLOBALS['phpgw']->common->ldapConnect();
289	$sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], 'uidnumber=' . (int)$_account_id);
290	$allValues = ldap_get_entries($ds, $sri);
291
292	$dn = $allValues[0]['dn'];
293	$this->previous_login = $allValues[0]['phpgwaccountlastlogin'][0];
294
295	@ldap_modify($ds, $dn, $entry);
296	}
297	else
298	{
299	$GLOBALS['phpgw']->db->query("select account_lastlogin from phpgw_accounts where account_id='$_account_id'",__LINE__,__FILE__);
300	$GLOBALS['phpgw']->db->next_record();
301	$this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin');
302
303	$GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='"
304	. "$ip', account_lastlogin='" . time()
305	. "' where account_id='$_account_id'",__LINE__,__FILE__);
306	}
307	}
308	}
309	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: branches/2.3/phpgwapi/inc/class.auth_ldap.inc.php @ 5371

Download in other formats: