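<?php
/**
 * LDAP authentication provider for XOOPS.
 *
 * Binds against the configured directory with the submitted credentials and, on
 * success, hands the directory entry to XoopsAuthProvisionning to create or update
 * the matching XOOPS user.
 */

defined('XOOPS_ROOT_PATH') || exit('Restricted access');

// The provisioning helper is required by XoopsAuthLdap::loadXoopsUser(); load it first
// so the class_exists() check below can report a missing file clearly.
if (file_exists($file = $GLOBALS['xoops']->path('class/auth/auth_provisionning.php'))) {
    include_once $file;
}

if (!class_exists('XoopsAuthProvisionning')) {
    // The previous message read "at line <file> at line <line>"; name the file and line correctly.
    trigger_error('Required class XoopsAuthProvisionning was not found in ' . __FILE__ . ' at line ' . __LINE__, E_USER_WARNING);

    return false;
}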
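class XoopsAuthLdap extends XoopsAuth
{
    /**
     * Byte map from the UTF-8 encoding of the C1 control range (U+0080..U+009F) to the
     * UTF-8 encoding of the Windows-1252 characters that occupy those positions. Used by
     * cp1252_to_utf8() to repair text that was treated as ISO-8859-1 before being UTF-8
     * encoded. Keys and values are raw byte strings and must stay byte-identical.
     */
    public $cp1252_map = [
        "\xc2\x80" => "\xe2\x82\xac",
        "\xc2\x82" => "\xe2\x80\x9a",
        "\xc2\x83" => "\xc6\x92",
        "\xc2\x84" => "\xe2\x80\x9e",
        "\xc2\x85" => "\xe2\x80\xa6",
        "\xc2\x86" => "\xe2\x80\xa0",
        "\xc2\x87" => "\xe2\x80\xa1",
        "\xc2\x88" => "\xcb\x86",
        "\xc2\x89" => "\xe2\x80\xb0",
        "\xc2\x8a" => "\xc5\xa0",
        "\xc2\x8b" => "\xe2\x80\xb9",
        "\xc2\x8c" => "\xc5\x92",
        "\xc2\x8e" => "\xc5\xbd",
        "\xc2\x91" => "\xe2\x80\x98",
        "\xc2\x92" => "\xe2\x80\x99",
        "\xc2\x93" => "\xe2\x80\x9c",
        "\xc2\x94" => "\xe2\x80\x9d",
        "\xc2\x95" => "\xe2\x80\xa2",
        "\xc2\x96" => "\xe2\x80\x93",
        "\xc2\x97" => "\xe2\x80\x94",
        "\xc2\x98" => "\xcb\x9c",
        "\xc2\x99" => "\xe2\x84\xa2",
        "\xc2\x9a" => "\xc5\xa1",
        "\xc2\x9b" => "\xe2\x80\xba",
        "\xc2\x9c" => "\xc5\x93",
        "\xc2\x9e" => "\xc5\xbe",
        "\xc2\x9f" => "\xc5\xb8",
    ];

    // Directory connection settings; every value is overwritten from the XOOPS_CONF_AUTH
    // config category in the constructor.
    public $ldap_server;
    public $ldap_port = '389';
    public $ldap_version = '3';
    public $ldap_base_dn;
    public $ldap_loginname_asdn;
    public $ldap_loginldap_attr;
    // Optional search filter template; '@@loginname@@' is replaced by the login name.
    // Declared here because getFilter() reads it (it used to be an undeclared dynamic property).
    public $ldap_filter_person;
    // When truthy, STARTTLS is negotiated before any bind (read by authenticate()).
    public $ldap_use_TLS;
    public $ldap_mail_attr;
    public $ldap_name_attr;
    public $ldap_surname_attr;
    public $ldap_givenname_attr;
    public $ldap_manager_dn;
    public $ldap_manager_pass;
    // Active LDAP connection handle, or null/false when none is open.
    public $_ds;

    /**
     * Loads every auth-category config value onto a same-named property.
     *
     * @param XoopsDatabase|null $dao database connection, stored on $this->_dao for the parent class
     */
    public function __construct(?XoopsDatabase $dao = null)
    {
        $this->_dao = $dao;

        $config_handler = xoops_getHandler('config');
        $config = $config_handler->getConfigsByCat(XOOPS_CONF_AUTH);
        // Config keys that are not declared above become dynamic properties
        // (deprecated from PHP 8.2 unless the parent class allows them).
        foreach ($config as $key => $val) {
            $this->$key = $val;
        }
    }

    /**
     * Converts a string to UTF-8 and then maps Windows-1252 specific characters
     * (which land in the C1 control range after a plain Latin-1 conversion) to
     * their proper UTF-8 sequences.
     *
     * @param string $str input text
     *
     * @return string UTF-8 text
     */
    public function cp1252_to_utf8($str)
    {
        return strtr(xoops_utf8_encode($str), $this->cp1252_map);
    }

    /**
     * Authenticates a user against the directory.
     *
     * Resolves the user's DN (see getUserDN()), binds with the supplied password and,
     * on success, loads or provisions the XOOPS user via loadXoopsUser(). Errors are
     * reported through setErrors(); the return value only says whether it worked.
     *
     * @param string      $uname login name as submitted
     * @param string|null $pwd   password as submitted
     *
     * @return mixed the value of loadXoopsUser() on success, false otherwise
     */
    public function authenticate($uname, $pwd = null)
    {
        if (!extension_loaded('ldap')) {
            $this->setErrors(0, _AUTH_LDAP_EXTENSION_NOT_LOAD);

            return false;
        }

        // Never hand an empty password to ldap_bind(): directories commonly treat an empty
        // credential as an anonymous (unauthenticated) bind and report success, which would
        // let anyone log in as $uname. Rejecting it here keeps the check server-independent.
        if ($pwd === null || $pwd === '') {
            $this->setErrors(0, 'Empty password rejected (' . $uname . ')');

            return false;
        }

        $this->_ds = ldap_connect($this->ldap_server, (int) $this->ldap_port);
        if (!$this->_ds) {
            $this->setErrors(0, _AUTH_LDAP_SERVER_NOT_FOUND);

            return false;
        }

        ldap_set_option($this->_ds, LDAP_OPT_PROTOCOL_VERSION, (int) $this->ldap_version);
        if ($this->ldap_use_TLS && !ldap_start_tls($this->_ds)) {
            // Fail closed: TLS was requested, so neither the manager password nor the
            // user's password may be sent over the plaintext session we are left with.
            $this->setErrors(0, _AUTH_LDAP_START_TLS_FAILED);
            $this->closeDirectory();

            return false;
        }

        $authenticated = false;
        $userDN = $this->getUserDN($uname);
        if ($userDN) {
            $authenticated = ldap_bind($this->_ds, $userDN, stripslashes($pwd));
            if ($authenticated) {
                // The connection is intentionally left open here, as before: the
                // provisioning handler receives $this and may still use it.
                return $this->loadXoopsUser($userDN, $uname, $pwd);
            }
            $errno = ldap_errno($this->_ds);
            $this->setErrors($errno, ldap_err2str($errno) . '(' . $userDN . ')');
        }

        $this->closeDirectory();

        return $authenticated;
    }

    /**
     * Resolves the distinguished name of a login name.
     *
     * If ldap_loginname_asdn is set, the DN is built directly from the login attribute
     * and base DN. Otherwise the manager account binds and searches the base DN with
     * getFilter(); the first matching entry's DN is returned.
     *
     * @param string $uname login name
     *
     * @return string|false the DN, or false when it cannot be determined (error recorded via setErrors())
     */
    public function getUserDN($uname)
    {
        if ($this->ldap_loginname_asdn) {
            // Escape the login name so it cannot add or alter RDN components of the DN.
            return $this->ldap_loginldap_attr . '=' . ldap_escape($uname, '', LDAP_ESCAPE_DN) . ',' . $this->ldap_base_dn;
        }

        if (!ldap_bind($this->_ds, $this->ldap_manager_dn, stripslashes((string) $this->ldap_manager_pass))) {
            $errno = ldap_errno($this->_ds);
            $this->setErrors($errno, ldap_err2str($errno) . '(' . $this->ldap_manager_dn . ')');

            return false;
        }

        $filter = $this->getFilter($uname);
        $sr = ldap_search($this->_ds, $this->ldap_base_dn, $filter);
        // ldap_search() returns false on failure; ldap_get_entries() must not be given that.
        $info = $sr ? ldap_get_entries($this->_ds, $sr) : false;
        if (!$info || $info['count'] < 1) {
            $this->setErrors(0, sprintf(_AUTH_LDAP_USER_NOT_FOUND, $uname, $filter, $this->ldap_base_dn));

            return false;
        }

        // As before, the first entry wins when the filter matches more than one.
        return $info[0]['dn'];
    }

    /**
     * Builds the search filter used to locate a login name.
     *
     * Uses ldap_filter_person with '@@loginname@@' substituted when it is configured,
     * otherwise "<login attribute>=<name>". The login name is escaped with
     * LDAP_ESCAPE_FILTER so it cannot inject extra filter terms.
     *
     * @param string $uname login name
     *
     * @return string LDAP search filter
     */
    public function getFilter($uname)
    {
        $safeName = ldap_escape($uname, '', LDAP_ESCAPE_FILTER);
        if ($this->ldap_filter_person !== null && $this->ldap_filter_person !== '') {
            return str_replace('@@loginname@@', $safeName, $this->ldap_filter_person);
        }

        return $this->ldap_loginldap_attr . '=' . $safeName;
    }

    /**
     * Reads the authenticated user's directory entry and syncs it into XOOPS.
     *
     * @param string      $userdn DN of the bound user
     * @param string      $uname  login name
     * @param string|null $pwd    password, passed through to the provisioning handler
     *
     * @return mixed the provisioning handler's sync() result, or null when the entry
     *               could not be read (error recorded via setErrors())
     */
    public function loadXoopsUser($userdn, $uname, $pwd = null)
    {
        // null preserves the previous behaviour, where the variable was simply unset on error.
        $xoopsUser = null;
        $provisHandler = XoopsAuthProvisionning::getInstance($this);
        $sr = ldap_read($this->_ds, $userdn, '(objectclass=*)');
        $entries = $sr ? ldap_get_entries($this->_ds, $sr) : false;
        if ($entries && $entries['count'] > 0) {
            $xoopsUser = $provisHandler->sync($entries[0], $uname, $pwd);
        } else {
            $this->setErrors(0, sprintf('loadXoopsUser - ' . _AUTH_LDAP_CANT_READ_ENTRY, $userdn));
        }

        return $xoopsUser;
    }

    /**
     * Closes the directory connection if one is open and forgets the handle, so a
     * closed handle is never reused and ldap_close() is never called with false.
     */
    private function closeDirectory()
    {
        if ($this->_ds) {
            ldap_close($this->_ds);
            $this->_ds = null;
        }
    }
}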