Context Navigation

source: trunk/phpgwapi/inc/class.auth_ldap.inc.php @ 2

Revision 2, 7.1 KB checked in by niltonneto, 17 years ago (diff)
Removida todas as tags usadas pelo CVS ($Id, $Source). Primeira versão no CVS externo.
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**************************************************************************\
3	* eGroupWare API - Auth from LDAP *
4	* This file written by Lars Kneschke <lkneschke@linux-at-work.de> *
5	* and Joseph Engo <jengo@phpgroupware.org> *
6	* Authentication based on LDAP Server *
7	* Copyright (C) 2000, 2001 Joseph Engo *
8	* Copyright (C) 2002, 2003 Lars Kneschke *
9	* -------------------------------------------------------------------------*
10	* This library is part of the eGroupWare API *
11	* http://www.egroupware.org/api *
12	* ------------------------------------------------------------------------ *
13	* This library is free software; you can redistribute it and/or modify it *
14	* under the terms of the GNU Lesser General Public License as published by *
15	* the Free Software Foundation; either version 2.1 of the License, *
16	* or any later version. *
17	* This library is distributed in the hope that it will be useful, but *
18	* WITHOUT ANY WARRANTY; without even the implied warranty of *
19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
20	* See the GNU Lesser General Public License for more details. *
21	* You should have received a copy of the GNU Lesser General Public License *
22	* along with this library; if not, write to the Free Software Foundation, *
23	* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
24	\**************************************************************************/
25
26
27	class auth_
28	{
29	var $previous_login = -1;
30
31	function authenticate($username, $passwd)
32	{
33	if (ereg('[()\|&=*,<>!~]',$username))
34	{
35	return False;
36	}
37
38	if(!$ldap = @ldap_connect($GLOBALS['phpgw_info']['server']['ldap_host']))
39	{
40	$GLOBALS['phpgw']->log->message('F-Abort, Failed connecting to LDAP server for authenication, execution stopped');
41	$GLOBALS['phpgw']->log->commit();
42	return False;
43	}
44
45	if($GLOBALS['phpgw_info']['server']['ldap_version3'])
46	{
47	ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
48	}
49
50	ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
51
52	/* Login with the LDAP Admin. User to find the User DN. */
53	if(!@ldap_bind($ldap, $GLOBALS['phpgw_info']['server']['ldap_root_dn'], $GLOBALS['phpgw_info']['server']['ldap_root_pw']))
54	{
55	return False;
56	}
57	/* find the dn for this uid, the uid is not always in the dn */
58	$attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber');
59
60	$filter = $GLOBALS['phpgw_info']['server']['ldap_search_filter'] ? $GLOBALS['phpgw_info']['server']['ldap_search_filter'] : '(uid=%user)';
61	$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['phpgw_info']['user']['domain']),$filter);
62
63	if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap')
64	{
65	$filter = "(&$filter(phpgwaccountstatus=A))";
66	}
67
68	$sri = ldap_search($ldap, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter, $attributes);
69	$allValues = ldap_get_entries($ldap, $sri);
70
71	if ($allValues['count'] > 0)
72	{
73	if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true)
74	{
75	if($allValues[0]['uid'][0] != $username)
76	{
77	return false;
78	}
79	}
80	/* we only care about the first dn */
81	$userDN = $allValues[0]['dn'];
82	/*
83	generate a bogus password to pass if the user doesn't give us one
84	this gets around systems that are anonymous search enabled
85	*/
86	if (empty($passwd))
87	{
88	$passwd = crypt(microtime());
89	}
90	/* try to bind as the user with user suplied password */
91	if (@ldap_bind($ldap, $userDN, $passwd))
92	{
93	if ($GLOBALS['phpgw_info']['server']['account_repository'] != 'ldap')
94	{
95	$account = CreateObject('phpgwapi.accounts',$username,'u');
96	if (!$account->account_id && $GLOBALS['phpgw_info']['server']['auto_create_acct'])
97	{
98	// create a global array with all availible info about that account
99	$GLOBALS['auto_create_acct'] = array();
100	foreach(array(
101	'givenname' => 'firstname',
102	'sn' => 'lastname',
103	'uidnumber' => 'id',
104	'mail' => 'email',
105	'gidnumber' => 'primary_group',
106	) as $ldap_name => $acct_name)
107	{
108	$GLOBALS['auto_create_acct'][$acct_name] =
109	$GLOBALS['phpgw']->translation->convert($allValues[0][$ldap_name][0],'utf-8');
110	}
111	return True;
112	}
113	$data = $account->read_repository();
114	return $data['status'] == 'A';
115	}
116	return True;
117	}
118	}
119	/* dn not found or password wrong */
120	return False;
121	}
122
123	function change_password($old_passwd, $new_passwd, $_account_id='')
124	{
125	if ('' == $_account_id)
126	{
127	$username = $GLOBALS['phpgw_info']['user']['account_lid'];
128	}
129	else
130	{
131	$username = $GLOBALS['phpgw']->accounts->id2name($_account_id);
132	}
133	$filter = $GLOBALS['phpgw_info']['server']['ldap_search_filter'] ? $GLOBALS['phpgw_info']['server']['ldap_search_filter'] : '(uid=%user)';
134	$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['phpgw_info']['user']['domain']),$filter);
135
136	$ds = $GLOBALS['phpgw']->common->ldapConnect();
137	$sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter);
138	$allValues = ldap_get_entries($ds, $sri);
139	$entry['userpassword'] = $this->encrypt_password($new_passwd);
140
141	/* SAMBA Begin's*/
142	foreach ($allValues[0]['objectclass'] as $objectclass)
143	{
144	if ($objectclass == 'sambaSamAccount')
145	{
146	$entry['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.$new_passwd);
147	$entry['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.$new_passwd);
148	}
149	}
150	/* SAMBA End's*/
151
152	$dn = $allValues[0]['dn'];
153	if (!@ldap_modify($ds, $dn, $entry))
154	{
155	return false;
156	}
157	$GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd);
158	return $entry['userpassword'];
159	}
160
161	function update_lastlogin($_account_id, $ip)
162	{
163	if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap')
164	{
165	$entry['phpgwaccountlastlogin'] = time();
166	$entry['phpgwaccountlastloginfrom'] = $ip;
167
168	$ds = $GLOBALS['phpgw']->common->ldapConnect();
169	$sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], 'uidnumber=' . (int)$_account_id);
170	$allValues = ldap_get_entries($ds, $sri);
171
172	$dn = $allValues[0]['dn'];
173	$this->previous_login = $allValues[0]['phpgwaccountlastlogin'][0];
174
175	@ldap_modify($ds, $dn, $entry);
176	}
177	else
178	{
179	$GLOBALS['phpgw']->db->query("select account_lastlogin from phpgw_accounts where account_id='$_account_id'",__LINE__,__FILE__);
180	$GLOBALS['phpgw']->db->next_record();
181	$this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin');
182
183	$GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='"
184	. "$ip', account_lastlogin='" . time()
185	. "' where account_id='$_account_id'",__LINE__,__FILE__);
186	}
187	}
188	}
189	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: