Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Annotate
Revision Log

class.auth_ldap.inc.php @ 8221

Revision 8221, 10.4 KB checked in by angelo, 11 years ago (diff)
Ticket #3491 - Compatibilizar Expresso com novas versoes do PHP
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**************************************************************************\
3	* eGroupWare API - Auth from LDAP *
4	* This file written by Lars Kneschke <lkneschke@linux-at-work.de> *
5	* and Joseph Engo <jengo@phpgroupware.org> *
6	* Authentication based on LDAP Server *
7	* Copyright (C) 2000, 2001 Joseph Engo *
8	* Copyright (C) 2002, 2003 Lars Kneschke *
9	* -------------------------------------------------------------------------*
10	* This library is part of the eGroupWare API *
11	* http://www.egroupware.org/api *
12	* ------------------------------------------------------------------------ *
13	* This library is free software; you can redistribute it and/or modify it *
14	* under the terms of the GNU Lesser General Public License as published by *
15	* the Free Software Foundation; either version 2.1 of the License, *
16	* or any later version. *
17	* This library is distributed in the hope that it will be useful, but *
18	* WITHOUT ANY WARRANTY; without even the implied warranty of *
19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
20	* See the GNU Lesser General Public License for more details. *
21	* You should have received a copy of the GNU Lesser General Public License *
22	* along with this library; if not, write to the Free Software Foundation, *
23	* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
24	\**************************************************************************/
25
26
27	class auth_
28	{
29	var $previous_login = -1;
30
31	function authenticate($username, $passwd)
32	{
33	if (preg_match('/[()\|&=*,<>!~]/',$username))
34	{
35	return False;
36	}
37
38	if(!$ldap = @ldap_connect($GLOBALS['phpgw_info']['server']['ldap_host']))
39	{
40	$GLOBALS['phpgw']->log->message(array(
41	'text' => 'F-Abort, Failed connecting to LDAP server for authenication, execution stopped',
42	'line' => __LINE__,
43	'file' => __FILE__
44	));
45	$GLOBALS['phpgw']->log->commit();
46	return False;
47	}
48
49	if($GLOBALS['phpgw_info']['server']['ldap_version3'])
50	{
51	ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
52	}
53
54	ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
55
56	/* Login with the LDAP Admin. User to find the User DN. */
57	if(!@ldap_bind($ldap, $GLOBALS['phpgw_info']['server']['ldap_root_dn'], $GLOBALS['phpgw_info']['server']['ldap_root_pw']))
58	{
59	return False;
60	}
61	/* find the dn for this uid, the uid is not always in the dn */
62	$attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber');
63
64	$filter = $GLOBALS['phpgw_info']['server']['ldap_search_filter'] ? $GLOBALS['phpgw_info']['server']['ldap_search_filter'] : '(uid=%user)';
65	$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['phpgw_info']['user']['domain']),$filter);
66
67	if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap')
68	{
69	$filter = "(&$filter(phpgwaccountstatus=A))";
70	}
71
72	$sri = ldap_search($ldap, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter, $attributes);
73	$allValues = ldap_get_entries($ldap, $sri);
74
75	if ($allValues['count'] > 0)
76	{
77	if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true)
78	{
79	if($allValues[0]['uid'][0] != $username)
80	{
81	return false;
82	}
83	}
84	/* we only care about the first dn */
85	$userDN = $allValues[0]['dn'];
86	/*
87	generate a bogus password to pass if the user doesn't give us one
88	this gets around systems that are anonymous search enabled
89	*/
90	if (empty($passwd))
91	{
92	$passwd = crypt(microtime());
93	}
94	/* try to bind as the user with user suplied password */
95	if (@ldap_bind($ldap, $userDN, $passwd))
96	{
97	if ($GLOBALS['phpgw_info']['server']['account_repository'] != 'ldap')
98	{
99	$account = CreateObject('phpgwapi.accounts',$username,'u');
100	if (!$account->account_id && $GLOBALS['phpgw_info']['server']['auto_create_acct'])
101	{
102	// create a global array with all availible info about that account
103	$GLOBALS['auto_create_acct'] = array();
104	foreach(array(
105	'givenname' => 'firstname',
106	'sn' => 'lastname',
107	'uidnumber' => 'id',
108	'mail' => 'email',
109	'gidnumber' => 'primary_group',
110	) as $ldap_name => $acct_name)
111	{
112	$GLOBALS['auto_create_acct'][$acct_name] =
113	$GLOBALS['phpgw']->translation->convert($allValues[0][$ldap_name][0],'utf-8');
114	}
115	return True;
116	}
117	$data = $account->read_repository();
118	return $data['status'] == 'A';
119	}
120	return True;
121	}
122	}
123	/* dn not found or password wrong */
124	return False;
125	}
126
127	function change_password($old_passwd, $new_passwd, $_account_id='')
128	{
129	if ('' == $_account_id)
130	{
131	$username = $GLOBALS['phpgw_info']['user']['account_lid'];
132	}
133	else
134	{
135	$username = $GLOBALS['phpgw']->accounts->id2name($_account_id);
136	}
137	$filter = $GLOBALS['phpgw_info']['server']['ldap_search_filter'] ? $GLOBALS['phpgw_info']['server']['ldap_search_filter'] : '(uid=%user)';
138	$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['phpgw_info']['user']['domain']),$filter);
139
140	// LDAP Replication mode.
141	if ( (!empty($GLOBALS['phpgw_info']['server']['ldap_master_host'])) &&
142	(!empty($GLOBALS['phpgw_info']['server']['ldap_master_root_dn'])) &&
143	(!empty($GLOBALS['phpgw_info']['server']['ldap_master_root_pw'])) )
144	{
145	$ds = $GLOBALS['phpgw']->common->ldapConnect(
146	$GLOBALS['phpgw_info']['server']['ldap_master_host'],
147	$GLOBALS['phpgw_info']['server']['ldap_master_root_dn'],
148	$GLOBALS['phpgw_info']['server']['ldap_master_root_pw']
149	);
150	}
151	else
152	{
153	$ds = $GLOBALS['phpgw']->common->ldapConnect();
154	}
155
156	$sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter);
157	$allValues = ldap_get_entries($ds, $sri);
158	$entry['userpassword'] = $this->encrypt_password($new_passwd);
159	$entry['phpgwlastpasswdchange'] = time();
160
161	/* SAMBA Begin's*/
162	foreach ($allValues[0]['objectclass'] as $objectclass)
163	{
164	if ($objectclass == 'sambaSamAccount')
165	{
166	$entry['sambaLMPassword'] = exec( "/home/expressolivre/mkntpwd -L '{$new_passwd}'" );
167	$entry['sambaNTPassword'] = exec( "/home/expressolivre/mkntpwd -N '{$new_passwd}'" );
168	}
169	}
170	/* SAMBA End's*/
171
172	$dn = $allValues[0]['dn'];
173
174	/* userPasswordRFC2617 Begin's*/
175	$c = CreateObject('phpgwapi.config','expressoAdmin1_2');
176	$c->read_repository();
177	$current_config = $c->config_data;
178	if ($current_config['expressoAdmin_userPasswordRFC2617'] == 'true')
179	{
180	$realm = $current_config['expressoAdmin_realm_userPasswordRFC2617'];
181	$uid = $allValues[0]['uid'][0];
182	$password = $new_passwd;
183	$passUserRFC2617 = $realm . ': ' . md5("$uid:$realm:$password");
184
185	if ($allValues[0]['userpasswordrfc2617'][0] != '')
186	$entry['userPasswordRFC2617'] = $passUserRFC2617;
187	else
188	{
189	$ldap_add['userPasswordRFC2617'] = $passUserRFC2617;
190	if (!@ldap_mod_add($ds, $dn, $ldap_add))
191	{
192	return false;
193	}
194	}
195	}
196	/* userPasswordRFC2617 End's*/
197
198	if (!@ldap_modify($ds, $dn, $entry))
199	{
200	return false;
201	}
202	$GLOBALS['phpgw']->session->appsession('password','phpgwapi',base64_encode($new_passwd));
203	return $new_passwd;
204	}
205
206	function change_password_user ($old_passwd, $new_passwd, $dn, $referrals=false)
207	{
208	if ( (!empty($GLOBALS['phpgw_info']['server']['ldap_master_host'])) &&
209	(!empty($GLOBALS['phpgw_info']['server']['ldap_master_root_dn'])) &&
210	(!empty($GLOBALS['phpgw_info']['server']['ldap_master_root_pw'])) )
211	{
212	$ds = $GLOBALS['phpgw']->common->ldapConnect($GLOBALS['phpgw_info']['server']['ldap_master_host'],
213	$GLOBALS['phpgw_info']['server']['ldap_master_root_dn'],
214	$GLOBALS['phpgw_info']['server']['ldap_master_root_pw']);
215	}
216	else
217	{
218	$ds = $GLOBALS['phpgw']->common->ldapConnect();
219	}
220	if (!$ds)
221	{
222	$this->auth_reason = ldap_errno($ldap);
223	return False;
224	}
225	else
226	{
227	if ($referrals)
228	{
229	$this->passwd=$old_passwd;
230	$this->dn=$dn;
231	ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
232	ldap_set_option($ds, LDAP_OPT_REFERRALS, 1);
233	if($GLOBALS['phpgw_info']['server']['diretorioescravo'])
234	{
235	ldap_set_rebind_proc($ds, array($this, '_rebindProc'));
236	}
237	}
238	$modify["userpassword"]=$new_passwd;
239	if (!@ldap_bind($ds,$dn,$old_passwd))
240	{
241	if (!@ldap_mod_replace($ds,$dn,$modify))
242	{
243	$this->auth_reason = ldap_errno($ds);
244	return false;
245	}
246	else
247	{
248	$GLOBALS['phpgw']->session->appsession('password','phpgwapi',base64_encode($new_passwd));
249	return $new_passwd;
250	}
251	$this->auth_reason = ldap_errno($ds);
252	return False;
253	}
254	else
255	{
256	if (!ldap_mod_replace($ds,$dn,$modify))
257	{
258	$this->auth_reason = ldap_errno($ds);
259	return False;
260	}
261	else
262	{
263	$GLOBALS['phpgw']->session->appsession('password','phpgwapi',base64_encode($new_passwd));
264	return $new_passwd;
265	}
266	}
267	}
268	}
269
270
271	function update_lastlogin($_account_id, $ip)
272	{
273	if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap')
274	{
275	$entry['phpgwaccountlastlogin'] = time();
276	$entry['phpgwaccountlastloginfrom'] = $ip;
277
278	$ds = $GLOBALS['phpgw']->common->ldapConnect();
279	$sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], 'uidnumber=' . (int)$_account_id);
280	$allValues = ldap_get_entries($ds, $sri);
281
282	$dn = $allValues[0]['dn'];
283	$this->previous_login = $allValues[0]['phpgwaccountlastlogin'][0];
284
285	@ldap_modify($ds, $dn, $entry);
286	}
287	else
288	{
289	$GLOBALS['phpgw']->db->query("select account_lastlogin from phpgw_accounts where account_id='$_account_id'",__LINE__,__FILE__);
290	$GLOBALS['phpgw']->db->next_record();
291	$this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin');
292
293	$GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='"
294	. "$ip', account_lastlogin='" . time()
295	. "' where account_id='$_account_id'",__LINE__,__FILE__);
296	}
297	}
298	}
299	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: sandbox/2.5.1-evolucao/phpgwapi/inc/class.auth_ldap.inc.php @ 8221

Download in other formats: