Context Navigation

source: companies/serpro/phpgwapi/inc/class.auth_ldap.inc.php @ 903

Revision 903, 10.6 KB checked in by niltonneto, 15 years ago (diff)
Importacao inicial do Expresso do Serpro

Line
1	<?php
2	/**************************************************************************\
3	* eGroupWare API - Auth from LDAP *
4	* This file written by Lars Kneschke <lkneschke@linux-at-work.de> *
5	* and Joseph Engo <jengo@phpgroupware.org> *
6	* Authentication based on LDAP Server *
7	* Copyright (C) 2000, 2001 Joseph Engo *
8	* Copyright (C) 2002, 2003 Lars Kneschke *
9	* -------------------------------------------------------------------------*
10	* This library is part of the eGroupWare API *
11	* http://www.egroupware.org/api *
12	* ------------------------------------------------------------------------ *
13	* This library is free software; you can redistribute it and/or modify it *
14	* under the terms of the GNU Lesser General Public License as published by *
15	* the Free Software Foundation; either version 2.1 of the License, *
16	* or any later version. *
17	* This library is distributed in the hope that it will be useful, but *
18	* WITHOUT ANY WARRANTY; without even the implied warranty of *
19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
20	* See the GNU Lesser General Public License for more details. *
21	* You should have received a copy of the GNU Lesser General Public License *
22	* along with this library; if not, write to the Free Software Foundation, *
23	* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
24	\**************************************************************************/
25
26
27	class auth_
28	{
29	var $previous_login = -1;
30	var $auth_reason = 0;
31	var $passwd = "";
32	var $dn = "";
33
34	function authenticate($username, $passwd)
35	{
36	if (ereg('[()\|&=*,<>!~]',$username))
37	{
38	return False;
39	}
40
41	if(!$ldap = @ldap_connect($GLOBALS['phpgw_info']['server']['ldap_host']))
42	{
43	$GLOBALS['phpgw']->log->message('F-Abort, Failed connecting to LDAP server for authenication, execution stopped');
44	$GLOBALS['phpgw']->log->commit();
45	return False;
46	}
47
48	if($GLOBALS['phpgw_info']['server']['ldap_version3'])
49	{
50	ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
51	}
52
53	ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
54
55	/* Login with the LDAP Admin. User to find the User DN. */
56	if(!@ldap_bind($ldap, $GLOBALS['phpgw_info']['server']['ldap_root_dn'], $GLOBALS['phpgw_info']['server']['ldap_root_pw']))
57	{
58	return False;
59	}
60	/* find the dn for this uid, the uid is not always in the dn */
61	$attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber');
62
63	$filter = $GLOBALS['phpgw_info']['server']['ldap_search_filter'] ? $GLOBALS['phpgw_info']['server']['ldap_search_filter'] : '(uid=%user)';
64	$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['phpgw_info']['user']['domain']),$filter);
65
66	if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap')
67	{
68	$filter = "(&$filter(phpgwaccountstatus=A))";
69	}
70
71	$sri = ldap_search($ldap, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter, $attributes);
72	$allValues = ldap_get_entries($ldap, $sri);
73
74	if ($allValues['count'] > 0)
75	{
76	if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true)
77	{
78	if($allValues[0]['uid'][0] != $username)
79	{
80	return false;
81	}
82	}
83	/* we only care about the first dn */
84	$userDN = $allValues[0]['dn'];
85	/*
86	generate a bogus password to pass if the user doesn't give us one
87	this gets around systems that are anonymous search enabled
88	*/
89	if (empty($passwd))
90	{
91	$passwd = crypt(microtime());
92	}
93	/* try to bind as the user with user suplied password */
94	if (@ldap_bind($ldap, $userDN, $passwd))
95	{
96	if ($GLOBALS['phpgw_info']['server']['account_repository'] != 'ldap')
97	{
98	$account = CreateObject('phpgwapi.accounts',$username,'u');
99	if (!$account->account_id && $GLOBALS['phpgw_info']['server']['auto_create_acct'])
100	{
101	// create a global array with all availible info about that account
102	$GLOBALS['auto_create_acct'] = array();
103	foreach(array(
104	'givenname' => 'firstname',
105	'sn' => 'lastname',
106	'uidnumber' => 'id',
107	'mail' => 'email',
108	'gidnumber' => 'primary_group',
109	) as $ldap_name => $acct_name)
110	{
111	$GLOBALS['auto_create_acct'][$acct_name] =
112	$GLOBALS['phpgw']->translation->convert($allValues[0][$ldap_name][0],'utf-8');
113	}
114	return True;
115	}
116	$data = $account->read_repository();
117	return $data['status'] == 'A';
118	}
119	return True;
120	}
121	else
122	{
123	$this->auth_reason = ldap_errno($ldap);
124	return False;
125	}
126	}
127	/* dn not found or password wrong */
128	return False;
129	}
130	function change_password_user ($old_passwd, $new_passwd, $dn, $referrals=false)
131	{
132	//system('echo "CP old_passwd: '.$old_passwd.'" >>/tmp/controle');
133	//system('echo "CP new_passwd: '.$new_passwd.'" >>/tmp/controle');
134	//system('echo "CP dn: '.$dn.'" >>/tmp/controle');
135	//system('echo "CP referrals: '.$referrals.'" >>/tmp/controle');
136	$ds=ldap_connect($GLOBALS['phpgw_info']['server']['ldap_host']);
137	if (!$ds)
138	{
139	//system('echo "CP Nao conectou no ldap" >>/tmp/controle');
140	$this->auth_reason = ldap_errno($ldap);
141	return False;
142	}
143	else
144	{
145	if ($referrals)
146	{
147	//system('echo "CP Entrou referrals" >>/tmp/controle');
148	$this->passwd=$old_passwd;
149	$this->dn=$dn;
150	ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
151	ldap_set_option($ds, LDAP_OPT_REFERRALS, 1);
152	if($GLOBALS['phpgw_info']['server']['diretorioescravo'])
153	{
154	ldap_set_rebind_proc($ds, array($this, '_rebindProc'));
155	}
156	}
157	$modify["userpassword"]=$new_passwd;
158	if (!@ldap_bind($ds,$dn,$old_passwd))
159	{
160	//system('echo "CP nao conseguiu dar bind" >>/tmp/controle');
161	//Se a politica estiver no diretorio eh necessario tentar alterar a senha mesmo que nao haja um bind, pois a negacao de bind pode ser proveniente de uma expiracao
162	if($GLOBALS['phpgw_info']['server']['politicasenhas']=='diretorio')
163	{
164	//system('echo "CP politica eh no diretorio" >>/tmp/controle');
165	if (!@ldap_mod_replace($ds,$dn,$modify))
166	{
167	//system('echo "CP nao conseguiu fazer replace!" >>/tmp/controle');
168	$this->auth_reason = ldap_errno($ds);
169	return false;
170	}
171	else
172	{
173	//system('echo "CP replace funcionou!" >>/tmp/controle');
174	return true;
175	}
176	}
177	$this->auth_reason = ldap_errno($ds);
178	return False;
179	}
180	else
181	{
182	//system('echo "CP Conseguiu dar bind" >>/tmp/controle');
183	if (!ldap_mod_replace($ds,$dn,$modify))
184	{
185	$this->auth_reason = ldap_errno($ds);
186	return False;
187	}
188	else
189	{
190	return True;
191	}
192	}
193	}
194	}
195	function _rebindProc($conn, $who)
196	{
197	//system('echo "CP REBIND!!!!!!!!!!" >> /tmp/controle');
198	//system('echo "CP REBIND PASS: '.$this->passwd.'" >> /tmp/controle');
199	//system('echo "CP REBIND DN: '.$this->dn.'" >> /tmp/controle');
200	//system('echo "CP REBIND who: '.$who.'" >> /tmp/controle');
201	$who = preg_replace(array('\|^.://\|', '\|:\d$\|'), '', $who);
202	$bind = ldap_bind($conn,$this->dn,$this->passwd);
203	return 0;
204	}
205
206	function change_password($old_passwd, $new_passwd, $_account_id='')
207	{
208	if ('' == $_account_id)
209	{
210	$username = $GLOBALS['phpgw_info']['user']['account_lid'];
211	}
212	else
213	{
214	$username = $GLOBALS['phpgw']->accounts->id2name($_account_id);
215	}
216	$filter = $GLOBALS['phpgw_info']['server']['ldap_search_filter'] ? $GLOBALS['phpgw_info']['server']['ldap_search_filter'] : '(uid=%user)';
217	$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['phpgw_info']['user']['domain']),$filter);
218
219	$ds = $GLOBALS['phpgw']->common->ldapConnect();
220	$sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter);
221	$allValues = ldap_get_entries($ds, $sri);
222	//$entry['userpassword'] = $this->encrypt_password($new_passwd);
223	$entry['userpassword'] = $new_passwd;
224
225	/* SAMBA Begin's*/
226	foreach ($allValues[0]['objectclass'] as $objectclass)
227	{
228	if ($objectclass == 'sambaSamAccount')
229	{
230	$entry['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.$new_passwd);
231	$entry['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.$new_passwd);
232	}
233	}
234	/* SAMBA End's*/
235
236	$dn = $allValues[0]['dn'];
237
238	/* userPasswordRFC2617 Begin's*/
239	$c = CreateObject('phpgwapi.config','expressoAdmin1_2');
240	$c->read_repository();
241	$current_config = $c->config_data;
242	if ($current_config['expressoAdmin_userPasswordRFC2617'] == 'true')
243	{
244	$realm = $current_config['expressoAdmin_realm_userPasswordRFC2617'];
245	$uid = $allValues[0]['uid'][0];
246	$password = $new_passwd;
247	$passUserRFC2617 = $realm . ': ' . md5("$uid:$realm:$password");
248
249	if ($allValues[0]['userpasswordrfc2617'][0] != '')
250	$entry['userPasswordRFC2617'] = $passUserRFC2617;
251	else
252	{
253	$ldap_add['userPasswordRFC2617'] = $passUserRFC2617;
254	if (!@ldap_mod_add($ds, $dn, $ldap_add))
255	{
256	return false;
257	}
258	}
259	}
260	/* userPasswordRFC2617 End's*/
261
262	if (!@ldap_modify($ds, $dn, $entry))
263	{
264	return false;
265	}
266	$GLOBALS['phpgw']->session->appsession('password','phpgwapi',base64_encode($new_passwd));
267	return $new_passwd;
268	}
269
270	function update_lastlogin($_account_id, $ip)
271	{
272	if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap')
273	{
274	$entry['phpgwaccountlastlogin'] = time();
275	$entry['phpgwaccountlastloginfrom'] = $ip;
276
277	$ds = $GLOBALS['phpgw']->common->ldapConnect();
278	$sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], 'uidnumber=' . (int)$_account_id);
279	$allValues = ldap_get_entries($ds, $sri);
280
281	$dn = $allValues[0]['dn'];
282	$this->previous_login = $allValues[0]['phpgwaccountlastlogin'][0];
283
284	@ldap_modify($ds, $dn, $entry);
285	}
286	else
287	{
288	$GLOBALS['phpgw']->db->query("select account_lastlogin from phpgw_accounts where account_id='$_account_id'",__LINE__,__FILE__);
289	$GLOBALS['phpgw']->db->next_record();
290	$this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin');
291
292	$GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='"
293	. "$ip', account_lastlogin='" . time()
294	. "' where account_id='$_account_id'",__LINE__,__FILE__);
295	}
296	}
297	}
298	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: