PageRenderTime 44ms CodeModel.GetById 5ms RepoModel.GetById 7ms app.codeStats 0ms

/libraries/joomla/client/ldap.php

https://gitlab.com/endomorphosis/OLAAaction
PHP | 487 lines | 278 code | 33 blank | 176 comment | 34 complexity | 7b0e12958e4dce1ce89c52277de6e9f7 MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4. * @version		$Id: ldap.php 14401 2010-01-26 14:10:00Z louis $
    5. 

  5. * @package		Joomla.Framework
    6. 

  6. * @subpackage	Client
    7. 

  7. * @copyright	Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
    8. 

  8. * @license		GNU/GPL, see LICENSE.php
    9. 

  9. * Joomla! is free software and parts of it may contain or be derived from the
    10. 

  10. * GNU General Public License or other free or open source software licenses.
    11. 

  11. * See COPYRIGHT.php for copyright notices and details.
    12. 

  12. */
    13. 

  13. 

  14. /**
    15. 

  15.  * LDAP client class
    16. 

  16.  *
    17. 

  17.  * @package		Joomla.Framework
    18. 

  18.  * @subpackage	Client
    19. 

  19.  * @since		1.5
    20. 

  20.  */
    21. 

  21. 

  22. // no direct access
    23. 

  23. defined('_JEXEC') or die('Restricted access');
    24. 

  24. 

  25. class JLDAP extends JObject
    26. 

  26. {
    27. 

  27. 	/** @var string Hostname of LDAP server
    28. 

  28. 		@access public */
    29. 

  29. 	var $host = null;
    30. 

  30. 	/** @var bool Authorization Method to use
    31. 

  31. 		@access public */
    32. 

  32. 	var $auth_method = null;
    33. 

  33. 	/** @var int Port of LDAP server
    34. 

  34. 		@access public */
    35. 

  35. 	var $port = null;
    36. 

  36. 	/** @var string Base DN (e.g. o=MyDir)
    37. 

  37. 		@access public */
    38. 

  38. 	var $base_dn = null;
    39. 

  39. 	/** @var string User DN (e.g. cn=Users,o=MyDir)
    40. 

  40. 		@access public */
    41. 

  41. 	var $users_dn = null;
    42. 

  42. 	/** @var string Search String
    43. 

  43. 		@access public */
    44. 

  44. 	var $search_string = null;
    45. 

  45. 	/** @var boolean Use LDAP Version 3
    46. 

  46. 		@access public */
    47. 

  47. 	var $use_ldapV3 = null;
    48. 

  48. 	/** @var boolean No referrals (server transfers)
    49. 

  49. 		@access public */
    50. 

  50. 	var $no_referrals = null;
    51. 

  51. 	/** @var boolean Negotiate TLS (encrypted communications)
    52. 

  52. 		@access public */
    53. 

  53. 	var $negotiate_tls = null;
    54. 

  54. 

  55. 	/** @var string Username to connect to server
    56. 

  56. 		@access public */
    57. 

  57. 	var $username = null;
    58. 

  58. 	/** @var string Password to connect to server
    59. 

  59. 		@access public */
    60. 

  60. 	var $password = null;
    61. 

  61. 

  62. 	/** @var mixed LDAP Resource Identifier
    63. 

  63. 		@access private */
    64. 

  64. 	var $_resource = null;
    65. 

  65. 	/** @var string Current DN
    66. 

  66. 		@access private */
    67. 

  67. 	var $_dn = null;
    68. 

  68. 

  69. 	/**
    70. 

  70. 	 * Constructor
    71. 

  71. 	 *
    72. 

  72. 	 * @param object An object of configuration variables
    73. 

  73. 	 * @access public
    74. 

  74. 	 */
    75. 

  75. 	function __construct($configObj = null)
    76. 

  76. 	{
    77. 

  77. 		if (is_object($configObj))
    78. 

  78. 		{
    79. 

  79. 			$vars = get_class_vars(get_class($this));
    80. 

  80. 			foreach (array_keys($vars) as $var)
    81. 

  81. 			{
    82. 

  82. 				if (substr($var, 0, 1) != '_') {
    83. 

  83. 					if ($param = $configObj->get($var)) {
    84. 

  84. 						$this-> $var = $param;
    85. 

  85. 					}
    86. 

  86. 				}
    87. 

  87. 			}
    88. 

  88. 		}
    89. 

  89. 	}
    90. 

  90. 

  91. 	/**
    92. 

  92. 	 * Connect to server
    93. 

  93. 	 * @return boolean True if successful
    94. 

  94. 	 * @access public
    95. 

  95. 	 */
    96. 

  96. 	function connect()
    97. 

  97. 	{
    98. 

  98. 		if ($this->host == '') {
    99. 

  99. 			return false;
    100. 

  100. 		}
    101. 

  101. 		$this->_resource = @ ldap_connect($this->host, $this->port);
    102. 

  102. 		if ($this->_resource)
    103. 

  103. 		{
    104. 

  104. 			if ($this->use_ldapV3) {
    105. 

  105. 				if (!@ldap_set_option($this->_resource, LDAP_OPT_PROTOCOL_VERSION, 3)) {
    106. 

  106. 					return false;
    107. 

  107. 				}
    108. 

  108. 			}
    109. 

  109. 			if (!@ldap_set_option($this->_resource, LDAP_OPT_REFERRALS, intval($this->no_referrals))) {
    110. 

  110. 				return false;
    111. 

  111. 			}
    112. 

  112. 			if ($this->negotiate_tls) {
    113. 

  113. 				if (!@ldap_start_tls($this->_resource)) {
    114. 

  114. 					return false;
    115. 

  115. 				}
    116. 

  116. 			}
    117. 

  117. 			return true;
    118. 

  118. 		} else {
    119. 

  119. 			return false;
    120. 

  120. 		}
    121. 

  121. 	}
    122. 

  122. 

  123. 	/**
    124. 

  124. 	 * Close the connection
    125. 

  125. 	 * @access public
    126. 

  126. 	 */
    127. 

  127. 	function close() {
    128. 

  128. 		@ ldap_close($this->_resource);
    129. 

  129. 	}
    130. 

  130. 

  131. 	/**
    132. 

  132. 	 * Sets the DN with some template replacements
    133. 

  133. 	 *
    134. 

  134. 	 * @param string The username
    135. 

  135. 	 * @access public
    136. 

  136. 	 */
    137. 

  137. 	function setDN($username,$nosub = 0)
    138. 

  138. 	{
    139. 

  139. 		if ($this->users_dn == '' || $nosub) {
    140. 

  140. 			$this->_dn = $username;
    141. 

  141. 		} else if(strlen($username)) {
    142. 

  142. 			$this->_dn = str_replace('[username]', $username, $this->users_dn);
    143. 

  143. 		} else {
    144. 

  144. 			$this->_dn = '';
    145. 

  145. 		}
    146. 

  146. 	}
    147. 

  147. 

  148. 	/**
    149. 

  149. 	 * @return string The current dn
    150. 

  150. 	 * @access public
    151. 

  151. 	 */
    152. 

  152. 	function getDN() {
    153. 

  153. 		return $this->_dn;
    154. 

  154. 	}
    155. 

  155. 

  156. 	/**
    157. 

  157. 	 * Anonymously Binds to LDAP Directory
    158. 

  158. 	 */
    159. 

  159. 	function anonymous_bind()
    160. 

  160. 	{
    161. 

  161. 		$bindResult = @ldap_bind($this->_resource);
    162. 

  162. 		return $bindResult;
    163. 

  163. 	}
    164. 

  164. 

  165. 	/**
    166. 

  166. 	 * Binds to the LDAP directory
    167. 

  167. 	 *
    168. 

  168. 	 * @param string The username
    169. 

  169. 	 * @param string The password
    170. 

  170. 	 * @return boolean Result
    171. 

  171. 	 * @access public
    172. 

  172. 	 */
    173. 

  173. 	function bind($username = null, $password = null, $nosub = 0)
    174. 

  174. 	{
    175. 

  175. 		if (is_null($username)) {
    176. 

  176. 			$username = $this->username;
    177. 

  177. 		}
    178. 

  178. 		if (is_null($password)) {
    179. 

  179. 			$password = $this->password;
    180. 

  180. 		}
    181. 

  181. 		$this->setDN($username,$nosub);
    182. 

  182. 		//if(strlen($this->getDN()))
    183. 

  183. 		$bindResult = @ldap_bind($this->_resource, $this->getDN(), $password);
    184. 

  184. 		return $bindResult;
    185. 

  185. 	}
    186. 

  186. 

  187. 	/**
    188. 

  188. 	 * Perform an LDAP search using comma seperated search strings
    189. 

  189. 	 *
    190. 

  190. 	 * @param string search string of search values
    191. 

  191. 	 */
    192. 

  192. 	function simple_search($search)
    193. 

  193. 	{
    194. 

  194. 		$results = explode(';', $search);
    195. 

  195. 		foreach($results as $key=>$result) {
    196. 

  196. 			$results[$key] = '('.$result.')';
    197. 

  197. 		}
    198. 

  198. 		return $this->search($results);
    199. 

  199. 	}
    200. 

  200. 

  201. 

  202. 	/**
    203. 

  203. 	 * Perform an LDAP search
    204. 

  204. 	 *
    205. 

  205. 	 * @param array Search Filters (array of strings)
    206. 

  206. 	 * @param string DN Override
    207. 

  207. 	 * @return array Multidimensional array of results
    208. 

  208. 	 * @access public
    209. 

  209. 	 */
    210. 

  210. 	function search($filters, $dnoverride = null)
    211. 

  211. 	{
    212. 

  212. 		$attributes = array ();
    213. 

  213. 		if ($dnoverride) {
    214. 

  214. 			$dn = $dnoverride;
    215. 

  215. 		} else {
    216. 

  216. 			$dn = $this->base_dn;
    217. 

  217. 		}
    218. 

  218. 

  219. 		$resource = $this->_resource;
    220. 

  220. 

  221. 		foreach ($filters as $search_filter)
    222. 

  222. 		{
    223. 

  223. 			$search_result = @ldap_search($resource, $dn, $search_filter);
    224. 

  224. 			if ($search_result && ($count = @ldap_count_entries($resource, $search_result)) > 0)
    225. 

  225. 			{
    226. 

  226. 				for ($i = 0; $i < $count; $i++)
    227. 

  227. 				{
    228. 

  228. 					$attributes[$i] = Array ();
    229. 

  229. 					if (!$i) {
    230. 

  230. 						$firstentry = @ldap_first_entry($resource, $search_result);
    231. 

  231. 					} else {
    232. 

  232. 						$firstentry = @ldap_next_entry($resource, $firstentry);
    233. 

  233. 					}
    234. 

  234. 					$attributes_array = @ldap_get_attributes($resource, $firstentry); // load user-specified attributes
    235. 

  235. 					// ldap returns an array of arrays, fit this into attributes result array
    236. 

  236. 					foreach ($attributes_array as $ki => $ai)
    237. 

  237. 					{
    238. 

  238. 						if (is_array($ai))
    239. 

  239. 						{
    240. 

  240. 							$subcount = $ai['count'];
    241. 

  241. 							$attributes[$i][$ki] = Array ();
    242. 

  242. 							for ($k = 0; $k < $subcount; $k++) {
    243. 

  243. 								$attributes[$i][$ki][$k] = $ai[$k];
    244. 

  244. 							}
    245. 

  245. 						}
    246. 

  246. 					}
    247. 

  247. 					$attributes[$i]['dn'] = @ldap_get_dn($resource, $firstentry);
    248. 

  248. 				}
    249. 

  249. 			}
    250. 

  250. 		}
    251. 

  251. 		return $attributes;
    252. 

  252. 	}
    253. 

  253. 

  254. 	/**
    255. 

  255. 	 * Replace an entry and return a true or false result
    256. 

  256. 	 *
    257. 

  257. 	 * @param string dn The DN which contains the attribute you want to replace
    258. 

  258. 	 * @param string attribute The attribute values you want to replace
    259. 

  259. 	 * @return mixed result of comparison (true, false, -1 on error)
    260. 

  260. 	 */
    261. 

  261. 

  262. 	function replace($dn, $attribute) {
    263. 

  263. 		return @ldap_mod_replace($this->_resource, $dn, $attribute);
    264. 

  264. 	}
    265. 

  265. 

  266. 

  267. 	/**
    268. 

  268. 	 * Modifies an entry and return a true or false result
    269. 

  269. 	 *
    270. 

  270. 	 * @param string dn The DN which contains the attribute you want to modify
    271. 

  271. 	 * @param string attribute The attribute values you want to modify
    272. 

  272. 	 * @return mixed result of comparison (true, false, -1 on error)
    273. 

  273. 	 */
    274. 

  274. 	function modify($dn, $attribute) {
    275. 

  275. 		return @ldap_modify($this->_resource, $dn, $attribute);
    276. 

  276. 	}
    277. 

  277. 

  278. 	/**
    279. 

  279. 	 * Removes attribute value from given dn and return a true or false result
    280. 

  280. 	 *
    281. 

  281. 	 * @param string dn The DN which contains the attribute you want to remove
    282. 

  282. 	 * @param string attribute The attribute values you want to remove
    283. 

  283. 	 * @return mixed result of comparison (true, false, -1 on error)
    284. 

  284. 	 */
    285. 

  285. 	function remove($dn, $attribute)
    286. 

  286. 	{
    287. 

  287. 		$resource = $this->_resource;
    288. 

  288. 		return @ldap_mod_del($resource, $dn, $attribute);
    289. 

  289. 	}
    290. 

  290. 

  291. 	/**
    292. 

  292. 	 * Compare an entry and return a true or false result
    293. 

  293. 	 *
    294. 

  294. 	 * @param string dn The DN which contains the attribute you want to compare
    295. 

  295. 	 * @param string attribute The attribute whose value you want to compare
    296. 

  296. 	 * @param string value The value you want to check against the LDAP attribute
    297. 

  297. 	 * @return mixed result of comparison (true, false, -1 on error)
    298. 

  298. 	 * @access public
    299. 

  299. 	 */
    300. 

  300. 	function compare($dn, $attribute, $value) {
    301. 

  301. 		return @ldap_compare($this->_resource, $dn, $attribute, $value);
    302. 

  302. 	}
    303. 

  303. 

  304. 	/**
    305. 

  305. 	 * Read all or specified attributes of given dn
    306. 

  306. 	 *
    307. 

  307. 	 * @param string dn The DN of the object you want to read
    308. 

  308. 	 * @param string attribute The attribute values you want to read (Optional)
    309. 

  309. 	 * @return array of attributes or -1 on error
    310. 

  310. 	 * @access public
    311. 

  311. 	 */
    312. 

  312. 	function read($dn, $attribute = array())
    313. 

  313. 	{
    314. 

  314. 		$base = substr($dn,strpos($dn,',')+1);
    315. 

  315. 		$cn = substr($dn,0,strpos($dn,','));
    316. 

  316. 		$result = @ldap_read($this->_resource, $base, $cn);
    317. 

  317. 

  318. 		if ($result) {
    319. 

  319. 			return @ldap_get_entries($this->_resource, $result);
    320. 

  320. 		} else {
    321. 

  321. 			return $result;
    322. 

  322. 		}
    323. 

  323. 	}
    324. 

  324. 

  325. 	/**
    326. 

  326. 	 * Deletes a given DN from the tree
    327. 

  327. 	 *
    328. 

  328. 	 * @param string dn The DN of the object you want to delete
    329. 

  329. 	 * @return bool result of operation
    330. 

  330. 	 * @access public
    331. 

  331. 	 */
    332. 

  332. 	function delete($dn) {
    333. 

  333. 		return @ldap_delete($this->_resource, $dn);
    334. 

  334. 	}
    335. 

  335. 

  336. 	/**
    337. 

  337. 	 * Create a new DN
    338. 

  338. 	 *
    339. 

  339. 	 * @param string dn The DN where you want to put the object
    340. 

  340. 	 * @param array entries An array of arrays describing the object to add
    341. 

  341. 	 * @return bool result of operation
    342. 

  342. 	 */
    343. 

  343. 	function create($dn, $entries) {
    344. 

  344. 		return @ldap_add($this->_resource, $dn, $entries);
    345. 

  345. 	}
    346. 

  346. 

  347. 	/**
    348. 

  348. 	 * Add an attribute to the given DN
    349. 

  349. 	 * Note: DN has to exist already
    350. 

  350. 	 *
    351. 

  351. 	 * @param string dn The DN of the entry to add the attribute
    352. 

  352. 	 * @param array entry An array of arrays with attributes to add
    353. 

  353. 	 * @return bool Result of operation
    354. 

  354. 	 */
    355. 

  355. 	function add($dn, $entry) {
    356. 

  356. 		return @ldap_mod_add($this->_resource, $dn, $entry);
    357. 

  357. 	}
    358. 

  358. 

  359. 	/**
    360. 

  360. 	 * Rename the entry
    361. 

  361. 	 *
    362. 

  362. 	 * @param string dn The DN of the entry at the moment
    363. 

  363. 	 * @param string newdn The DN of the entry should be (only cn=newvalue)
    364. 

  364. 	 * @param string newparent The full DN of the parent (null by default)
    365. 

  365. 	 * @param bool deleteolddn Delete the old values (default)
    366. 

  366. 	 * @return bool Result of operation
    367. 

  367. 	 */
    368. 

  368. 	function rename($dn, $newdn, $newparent, $deleteolddn) {
    369. 

  369. 		return @ldap_rename($this->_resource, $dn, $newdn, $newparent, $deleteolddn);
    370. 

  370. 	}
    371. 

  371. 

  372. 	/**
    373. 

  373. 	 * Returns the error message
    374. 

  374. 	 *
    375. 

  375. 	 * @return string error message
    376. 

  376. 	 */
    377. 

  377. 	function getErrorMsg() {
    378. 

  378. 		return @ldap_error($this->_resource);
    379. 

  379. 	}
    380. 

  380. 

  381. 	/**
    382. 

  382. 	 * Converts a dot notation IP address to net address (e.g. for Netware, etc)
    383. 

  383. 	 *
    384. 

  384. 	 * @param string IP Address (e.g. xxx.xxx.xxx.xxx)
    385. 

  385. 	 * @return string Net address
    386. 

  386. 	 * @access public
    387. 

  387. 	 */
    388. 

  388. 	function ipToNetAddress($ip)
    389. 

  389. 	{
    390. 

  390. 		$parts = explode('.', $ip);
    391. 

  391. 		$address = '1#';
    392. 

  392. 

  393. 		foreach ($parts as $int) {
    394. 

  394. 			$tmp = dechex($int);
    395. 

  395. 			if (strlen($tmp) != 2) {
    396. 

  396. 				$tmp = '0' . $tmp;
    397. 

  397. 			}
    398. 

  398. 			$address .= '\\' . $tmp;
    399. 

  399. 		}
    400. 

  400. 		return $address;
    401. 

  401. 	}
    402. 

  402. 

  403. 	/**
    404. 

  404. 	 * extract readable network address from the LDAP encoded networkAddress attribute.
    405. 

  405. 	 * @author Jay Burrell, Systems & Networks, Mississippi State University
    406. 

  406. 	 * Please keep this document block and author attribution in place.
    407. 

  407. 	 *
    408. 

  408. 	 *  Novell Docs, see: http://developer.novell.com/ndk/doc/ndslib/schm_enu/data/sdk5624.html#sdk5624
    409. 

  409. 	 *  for Address types: http://developer.novell.com/ndk/doc/ndslib/index.html?page=/ndk/doc/ndslib/schm_enu/data/sdk4170.html
    410. 

  410. 	 *  LDAP Format, String:
    411. 

  411. 	 *	 taggedData = uint32String "#" octetstring
    412. 

  412. 	 *	 byte 0 = uint32String = Address Type: 0= IPX Address; 1 = IP Address
    413. 

  413. 	 *	 byte 1 = char = "#" - separator
    414. 

  414. 	 *	 byte 2+ = octetstring - the ordinal value of the address
    415. 

  415. 	 *   Note: with eDirectory 8.6.2, the IP address (type 1) returns
    416. 

  416. 	 *				 correctly, however, an IPX address does not seem to.  eDir 8.7 may correct this.
    417. 

  417. 	 *  Enhancement made by Merijn van de Schoot:
    418. 

  418. 	 *	 If addresstype is 8 (UDP) or 9 (TCP) do some additional parsing like still returning the IP address
    419. 

  419. 	 */
    420. 

  420. 	function LDAPNetAddr($networkaddress)
    421. 

  421. 	{
    422. 

  422. 		$addr = "";
    423. 

  423. 		$addrtype = intval(substr($networkaddress, 0, 1));
    424. 

  424. 		$networkaddress = substr($networkaddress, 2); // throw away bytes 0 and 1 which should be the addrtype and the "#" separator
    425. 

  425. 

  426. 		if (($addrtype == 8) || ($addrtype = 9)) {
    427. 

  427. 			// TODO 1.6: If UDP or TCP, (TODO fill addrport and) strip portnumber information from address
    428. 

  428. 			$networkaddress = substr($networkaddress, (strlen($networkaddress)-4));
    429. 

  429. 		}
    430. 

  430. 

  431. 		$addrtypes = array (
    432. 

  432. 			'IPX',
    433. 

  433. 			'IP',
    434. 

  434. 			'SDLC',
    435. 

  435. 			'Token Ring',
    436. 

  436. 			'OSI',
    437. 

  437. 			'AppleTalk',
    438. 

  438. 			'NetBEUI',
    439. 

  439. 			'Socket',
    440. 

  440. 			'UDP',
    441. 

  441. 			'TCP',
    442. 

  442. 			'UDP6',
    443. 

  443. 			'TCP6',
    444. 

  444. 			'Reserved (12)',
    445. 

  445. 			'URL',
    446. 

  446. 			'Count'
    447. 

  447. 		);
    448. 

  448. 		$len = strlen($networkaddress);
    449. 

  449. 		if ($len > 0)
    450. 

  450. 		{
    451. 

  451. 			for ($i = 0; $i < $len; $i += 1)
    452. 

  452. 			{
    453. 

  453. 				$byte = substr($networkaddress, $i, 1);
    454. 

  454. 				$addr .= ord($byte);
    455. 

  455. 				if ( ($addrtype == 1) || ($addrtype == 8) || ($addrtype = 9) ) { // dot separate IP addresses...
    456. 

  456. 					$addr .= ".";
    457. 

  457. 				}
    458. 

  458. 			}
    459. 

  459. 			if ( ($addrtype == 1) || ($addrtype == 8) || ($addrtype = 9) ) { // strip last period from end of $addr
    460. 

  460. 				$addr = substr($addr, 0, strlen($addr) - 1);
    461. 

  461. 			}
    462. 

  462. 		} else {
    463. 

  463. 			$addr .= "address not available.";
    464. 

  464. 		}
    465. 

  465. 		return Array('protocol'=>$addrtypes[$addrtype], 'address'=>$addr);
    466. 

  466. 	}
    467. 

  467. 

  468. 	/**
    469. 

  469. 	 * Generates a LDAP compatible password
    470. 

  470. 	 *
    471. 

  471. 	 * @param string password Clear text password to encrypt
    472. 

  472. 	 * @param string type Type of password hash, either md5 or SHA
    473. 

  473. 	 * @return string encrypted password
    474. 

  474. 	 */
    475. 

  475. 	function generatePassword($password, $type='md5') {
    476. 

  476. 		$userpassword = '';
    477. 

  477. 		switch(strtolower($type)) {
    478. 

  478. 			case 'sha':
    479. 

  479. 				$userpassword = '{SHA}' . base64_encode( pack( 'H*', sha1( $password ) ) );
    480. 

  480. 			case 'md5':
    481. 

  481. 			default:
    482. 

  482. 				$userpassword = '{MD5}' . base64_encode( pack( 'H*', md5( $password ) ) );
    483. 

  483. 				break;
    484. 

  484. 		}
    485. 

  485. 		return $userpassword;
    486. 

  486. 	}
    487. 

  487. }
    488. 

  488.