PageRenderTime 48ms CodeModel.GetById 19ms RepoModel.GetById 0ms app.codeStats 0ms

/joomla/libraries/joomla/client/ldap.php

https://github.com/reechalee/joomla1.6
PHP | 484 lines | 278 code | 33 blank | 173 comment | 34 complexity | a7d9add1470a3718a0f33b8f5d1b9f56 MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.1, BSD-3-Clause, JSON 
    

  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * @version		$Id: ldap.php 20196 2011-01-09 02:40:25Z ian $
    5. 

  5.  * @package		Joomla.Framework
    6. 

  6.  * @subpackage	Client
    7. 

  7.  * @copyright	Copyright (C) 2005 - 2011 Open Source Matters, Inc. All rights reserved.
    8. 

  8.  * @license		GNU General Public License version 2 or later; see LICENSE.txt
    9. 

  9.  */
    10. 

  10. 

  11. 

  12. // No direct access
    13. 

  13. defined('JPATH_BASE') or die();
    14. 

  14. 

  15. /**
    16. 

  16.  * LDAP client class
    17. 

  17.  *
    18. 

  18.  * @package		Joomla.Framework
    19. 

  19.  * @subpackage	Client
    20. 

  20.  * @since		1.5
    21. 

  21.  */
    22. 

  22. class JLDAP extends JObject
    23. 

  23. {
    24. 

  24. 	/** @var string Hostname of LDAP server
    25. 

  25. 		@access public */
    26. 

  26. 	var $host = null;
    27. 

  27. 	/** @var bool Authorization Method to use
    28. 

  28. 		@access public */
    29. 

  29. 	var $auth_method = null;
    30. 

  30. 	/** @var int Port of LDAP server
    31. 

  31. 		@access public */
    32. 

  32. 	var $port = null;
    33. 

  33. 	/** @var string Base DN (e.g. o=MyDir)
    34. 

  34. 		@access public */
    35. 

  35. 	var $base_dn = null;
    36. 

  36. 	/** @var string User DN (e.g. cn=Users,o=MyDir)
    37. 

  37. 		@access public */
    38. 

  38. 	var $users_dn = null;
    39. 

  39. 	/** @var string Search String
    40. 

  40. 		@access public */
    41. 

  41. 	var $search_string = null;
    42. 

  42. 	/** @var boolean Use LDAP Version 3
    43. 

  43. 		@access public */
    44. 

  44. 	var $use_ldapV3 = null;
    45. 

  45. 	/** @var boolean No referrals (server transfers)
    46. 

  46. 		@access public */
    47. 

  47. 	var $no_referrals = null;
    48. 

  48. 	/** @var boolean Negotiate TLS (encrypted communications)
    49. 

  49. 		@access public */
    50. 

  50. 	var $negotiate_tls = null;
    51. 

  51. 

  52. 	/** @var string Username to connect to server
    53. 

  53. 		@access public */
    54. 

  54. 	var $username = null;
    55. 

  55. 	/** @var string Password to connect to server
    56. 

  56. 		@access public */
    57. 

  57. 	var $password = null;
    58. 

  58. 

  59. 	/** @var mixed LDAP Resource Identifier
    60. 

  60. 		@access private */
    61. 

  61. 	var $_resource = null;
    62. 

  62. 	/** @var string Current DN
    63. 

  63. 		@access private */
    64. 

  64. 	var $_dn = null;
    65. 

  65. 

  66. 	/**
    67. 

  67. 	 * Constructor
    68. 

  68. 	 *
    69. 

  69. 	 * @param object An object of configuration variables
    70. 

  70. 	 * @access public
    71. 

  71. 	 */
    72. 

  72. 	function __construct($configObj = null)
    73. 

  73. 	{
    74. 

  74. 		if (is_object($configObj))
    75. 

  75. 		{
    76. 

  76. 			$vars = get_class_vars(get_class($this));
    77. 

  77. 			foreach (array_keys($vars) as $var)
    78. 

  78. 			{
    79. 

  79. 				if (substr($var, 0, 1) != '_') {
    80. 

  80. 					if ($param = $configObj->get($var)) {
    81. 

  81. 						$this-> $var = $param;
    82. 

  82. 					}
    83. 

  83. 				}
    84. 

  84. 			}
    85. 

  85. 		}
    86. 

  86. 	}
    87. 

  87. 

  88. 	/**
    89. 

  89. 	 * Connect to server
    90. 

  90. 	 * @return boolean True if successful
    91. 

  91. 	 * @access public
    92. 

  92. 	 */
    93. 

  93. 	function connect()
    94. 

  94. 	{
    95. 

  95. 		if ($this->host == '') {
    96. 

  96. 			return false;
    97. 

  97. 		}
    98. 

  98. 		$this->_resource = @ ldap_connect($this->host, $this->port);
    99. 

  99. 		if ($this->_resource)
    100. 

  100. 		{
    101. 

  101. 			if ($this->use_ldapV3) {
    102. 

  102. 				if (!@ldap_set_option($this->_resource, LDAP_OPT_PROTOCOL_VERSION, 3)) {
    103. 

  103. 					return false;
    104. 

  104. 				}
    105. 

  105. 			}
    106. 

  106. 			if (!@ldap_set_option($this->_resource, LDAP_OPT_REFERRALS, intval($this->no_referrals))) {
    107. 

  107. 				return false;
    108. 

  108. 			}
    109. 

  109. 			if ($this->negotiate_tls) {
    110. 

  110. 				if (!@ldap_start_tls($this->_resource)) {
    111. 

  111. 					return false;
    112. 

  112. 				}
    113. 

  113. 			}
    114. 

  114. 			return true;
    115. 

  115. 		} else {
    116. 

  116. 			return false;
    117. 

  117. 		}
    118. 

  118. 	}
    119. 

  119. 

  120. 	/**
    121. 

  121. 	 * Close the connection
    122. 

  122. 	 * @access public
    123. 

  123. 	 */
    124. 

  124. 	function close() {
    125. 

  125. 		@ ldap_close($this->_resource);
    126. 

  126. 	}
    127. 

  127. 

  128. 	/**
    129. 

  129. 	 * Sets the DN with some template replacements
    130. 

  130. 	 *
    131. 

  131. 	 * @param string The username
    132. 

  132. 	 * @access public
    133. 

  133. 	 */
    134. 

  134. 	function setDN($username,$nosub = 0)
    135. 

  135. 	{
    136. 

  136. 		if ($this->users_dn == '' || $nosub) {
    137. 

  137. 			$this->_dn = $username;
    138. 

  138. 		} else if (strlen($username)) {
    139. 

  139. 			$this->_dn = str_replace('[username]', $username, $this->users_dn);
    140. 

  140. 		} else {
    141. 

  141. 			$this->_dn = '';
    142. 

  142. 		}
    143. 

  143. 	}
    144. 

  144. 

  145. 	/**
    146. 

  146. 	 * @return string The current dn
    147. 

  147. 	 * @access public
    148. 

  148. 	 */
    149. 

  149. 	function getDN() {
    150. 

  150. 		return $this->_dn;
    151. 

  151. 	}
    152. 

  152. 

  153. 	/**
    154. 

  154. 	 * Anonymously Binds to LDAP Directory
    155. 

  155. 	 */
    156. 

  156. 	function anonymous_bind()
    157. 

  157. 	{
    158. 

  158. 		$bindResult = @ldap_bind($this->_resource);
    159. 

  159. 		return $bindResult;
    160. 

  160. 	}
    161. 

  161. 

  162. 	/**
    163. 

  163. 	 * Binds to the LDAP directory
    164. 

  164. 	 *
    165. 

  165. 	 * @param string The username
    166. 

  166. 	 * @param string The password
    167. 

  167. 	 * @return boolean Result
    168. 

  168. 	 * @access public
    169. 

  169. 	 */
    170. 

  170. 	function bind($username = null, $password = null, $nosub = 0)
    171. 

  171. 	{
    172. 

  172. 		if (is_null($username)) {
    173. 

  173. 			$username = $this->username;
    174. 

  174. 		}
    175. 

  175. 		if (is_null($password)) {
    176. 

  176. 			$password = $this->password;
    177. 

  177. 		}
    178. 

  178. 		$this->setDN($username,$nosub);
    179. 

  179. 		//if (strlen($this->getDN()))
    180. 

  180. 		$bindResult = @ldap_bind($this->_resource, $this->getDN(), $password);
    181. 

  181. 		return $bindResult;
    182. 

  182. 	}
    183. 

  183. 

  184. 	/**
    185. 

  185. 	 * Perform an LDAP search using comma seperated search strings
    186. 

  186. 	 *
    187. 

  187. 	 * @param string search string of search values
    188. 

  188. 	 */
    189. 

  189. 	function simple_search($search)
    190. 

  190. 	{
    191. 

  191. 		$results = explode(';', $search);
    192. 

  192. 		foreach($results as $key=>$result) {
    193. 

  193. 			$results[$key] = '('.$result.')';
    194. 

  194. 		}
    195. 

  195. 		return $this->search($results);
    196. 

  196. 	}
    197. 

  197. 

  198. 

  199. 	/**
    200. 

  200. 	 * Perform an LDAP search
    201. 

  201. 	 *
    202. 

  202. 	 * @param array Search Filters (array of strings)
    203. 

  203. 	 * @param string DN Override
    204. 

  204. 	 * @return array Multidimensional array of results
    205. 

  205. 	 * @access public
    206. 

  206. 	 */
    207. 

  207. 	function search($filters, $dnoverride = null)
    208. 

  208. 	{
    209. 

  209. 		$attributes = array ();
    210. 

  210. 		if ($dnoverride) {
    211. 

  211. 			$dn = $dnoverride;
    212. 

  212. 		} else {
    213. 

  213. 			$dn = $this->base_dn;
    214. 

  214. 		}
    215. 

  215. 

  216. 		$resource = $this->_resource;
    217. 

  217. 

  218. 		foreach ($filters as $search_filter)
    219. 

  219. 		{
    220. 

  220. 			$search_result = @ldap_search($resource, $dn, $search_filter);
    221. 

  221. 			if ($search_result && ($count = @ldap_count_entries($resource, $search_result)) > 0)
    222. 

  222. 			{
    223. 

  223. 				for ($i = 0; $i < $count; $i++)
    224. 

  224. 				{
    225. 

  225. 					$attributes[$i] = Array ();
    226. 

  226. 					if (!$i) {
    227. 

  227. 						$firstentry = @ldap_first_entry($resource, $search_result);
    228. 

  228. 					} else {
    229. 

  229. 						$firstentry = @ldap_next_entry($resource, $firstentry);
    230. 

  230. 					}
    231. 

  231. 					$attributes_array = @ldap_get_attributes($resource, $firstentry); // load user-specified attributes
    232. 

  232. 					// ldap returns an array of arrays, fit this into attributes result array
    233. 

  233. 					foreach ($attributes_array as $ki => $ai)
    234. 

  234. 					{
    235. 

  235. 						if (is_array($ai))
    236. 

  236. 						{
    237. 

  237. 							$subcount = $ai['count'];
    238. 

  238. 							$attributes[$i][$ki] = Array ();
    239. 

  239. 							for ($k = 0; $k < $subcount; $k++) {
    240. 

  240. 								$attributes[$i][$ki][$k] = $ai[$k];
    241. 

  241. 							}
    242. 

  242. 						}
    243. 

  243. 					}
    244. 

  244. 					$attributes[$i]['dn'] = @ldap_get_dn($resource, $firstentry);
    245. 

  245. 				}
    246. 

  246. 			}
    247. 

  247. 		}
    248. 

  248. 		return $attributes;
    249. 

  249. 	}
    250. 

  250. 

  251. 	/**
    252. 

  252. 	 * Replace an entry and return a true or false result
    253. 

  253. 	 *
    254. 

  254. 	 * @param string dn The DN which contains the attribute you want to replace
    255. 

  255. 	 * @param string attribute The attribute values you want to replace
    256. 

  256. 	 * @return mixed result of comparison (true, false, -1 on error)
    257. 

  257. 	 */
    258. 

  258. 

  259. 	function replace($dn, $attribute) {
    260. 

  260. 		return @ldap_mod_replace($this->_resource, $dn, $attribute);
    261. 

  261. 	}
    262. 

  262. 

  263. 

  264. 	/**
    265. 

  265. 	 * Modifies an entry and return a true or false result
    266. 

  266. 	 *
    267. 

  267. 	 * @param string dn The DN which contains the attribute you want to modify
    268. 

  268. 	 * @param string attribute The attribute values you want to modify
    269. 

  269. 	 * @return mixed result of comparison (true, false, -1 on error)
    270. 

  270. 	 */
    271. 

  271. 	function modify($dn, $attribute) {
    272. 

  272. 		return @ldap_modify($this->_resource, $dn, $attribute);
    273. 

  273. 	}
    274. 

  274. 

  275. 	/**
    276. 

  276. 	 * Removes attribute value from given dn and return a true or false result
    277. 

  277. 	 *
    278. 

  278. 	 * @param string dn The DN which contains the attribute you want to remove
    279. 

  279. 	 * @param string attribute The attribute values you want to remove
    280. 

  280. 	 * @return mixed result of comparison (true, false, -1 on error)
    281. 

  281. 	 */
    282. 

  282. 	function remove($dn, $attribute)
    283. 

  283. 	{
    284. 

  284. 		$resource = $this->_resource;
    285. 

  285. 		return @ldap_mod_del($resource, $dn, $attribute);
    286. 

  286. 	}
    287. 

  287. 

  288. 	/**
    289. 

  289. 	 * Compare an entry and return a true or false result
    290. 

  290. 	 *
    291. 

  291. 	 * @param string dn The DN which contains the attribute you want to compare
    292. 

  292. 	 * @param string attribute The attribute whose value you want to compare
    293. 

  293. 	 * @param string value The value you want to check against the LDAP attribute
    294. 

  294. 	 * @return mixed result of comparison (true, false, -1 on error)
    295. 

  295. 	 * @access public
    296. 

  296. 	 */
    297. 

  297. 	function compare($dn, $attribute, $value) {
    298. 

  298. 		return @ldap_compare($this->_resource, $dn, $attribute, $value);
    299. 

  299. 	}
    300. 

  300. 

  301. 	/**
    302. 

  302. 	 * Read all or specified attributes of given dn
    303. 

  303. 	 *
    304. 

  304. 	 * @param string dn The DN of the object you want to read
    305. 

  305. 	 * @param string attribute The attribute values you want to read (Optional)
    306. 

  306. 	 * @return array of attributes or -1 on error
    307. 

  307. 	 * @access public
    308. 

  308. 	 */
    309. 

  309. 	function read($dn, $attribute = array())
    310. 

  310. 	{
    311. 

  311. 		$base = substr($dn,strpos($dn,',')+1);
    312. 

  312. 		$cn = substr($dn,0,strpos($dn,','));
    313. 

  313. 		$result = @ldap_read($this->_resource, $base, $cn);
    314. 

  314. 

  315. 		if ($result) {
    316. 

  316. 			return @ldap_get_entries($this->_resource, $result);
    317. 

  317. 		} else {
    318. 

  318. 			return $result;
    319. 

  319. 		}
    320. 

  320. 	}
    321. 

  321. 

  322. 	/**
    323. 

  323. 	 * Deletes a given DN from the tree
    324. 

  324. 	 *
    325. 

  325. 	 * @param string dn The DN of the object you want to delete
    326. 

  326. 	 * @return bool result of operation
    327. 

  327. 	 * @access public
    328. 

  328. 	 */
    329. 

  329. 	function delete($dn) {
    330. 

  330. 		return @ldap_delete($this->_resource, $dn);
    331. 

  331. 	}
    332. 

  332. 

  333. 	/**
    334. 

  334. 	 * Create a new DN
    335. 

  335. 	 *
    336. 

  336. 	 * @param string dn The DN where you want to put the object
    337. 

  337. 	 * @param array entries An array of arrays describing the object to add
    338. 

  338. 	 * @return bool result of operation
    339. 

  339. 	 */
    340. 

  340. 	function create($dn, $entries) {
    341. 

  341. 		return @ldap_add($this->_resource, $dn, $entries);
    342. 

  342. 	}
    343. 

  343. 

  344. 	/**
    345. 

  345. 	 * Add an attribute to the given DN
    346. 

  346. 	 * Note: DN has to exist already
    347. 

  347. 	 *
    348. 

  348. 	 * @param string dn The DN of the entry to add the attribute
    349. 

  349. 	 * @param array entry An array of arrays with attributes to add
    350. 

  350. 	 * @return bool Result of operation
    351. 

  351. 	 */
    352. 

  352. 	function add($dn, $entry) {
    353. 

  353. 		return @ldap_mod_add($this->_resource, $dn, $entry);
    354. 

  354. 	}
    355. 

  355. 

  356. 	/**
    357. 

  357. 	 * Rename the entry
    358. 

  358. 	 *
    359. 

  359. 	 * @param string dn The DN of the entry at the moment
    360. 

  360. 	 * @param string newdn The DN of the entry should be (only cn=newvalue)
    361. 

  361. 	 * @param string newparent The full DN of the parent (null by default)
    362. 

  362. 	 * @param bool deleteolddn Delete the old values (default)
    363. 

  363. 	 * @return bool Result of operation
    364. 

  364. 	 */
    365. 

  365. 	function rename($dn, $newdn, $newparent, $deleteolddn) {
    366. 

  366. 		return @ldap_rename($this->_resource, $dn, $newdn, $newparent, $deleteolddn);
    367. 

  367. 	}
    368. 

  368. 

  369. 	/**
    370. 

  370. 	 * Returns the error message
    371. 

  371. 	 *
    372. 

  372. 	 * @return string error message
    373. 

  373. 	 */
    374. 

  374. 	function getErrorMsg() {
    375. 

  375. 		return @ldap_error($this->_resource);
    376. 

  376. 	}
    377. 

  377. 

  378. 	/**
    379. 

  379. 	 * Converts a dot notation IP address to net address (e.g. for Netware, etc)
    380. 

  380. 	 *
    381. 

  381. 	 * @param string IP Address (e.g. xxx.xxx.xxx.xxx)
    382. 

  382. 	 * @return string Net address
    383. 

  383. 	 * @access public
    384. 

  384. 	 */
    385. 

  385. 	function ipToNetAddress($ip)
    386. 

  386. 	{
    387. 

  387. 		$parts = explode('.', $ip);
    388. 

  388. 		$address = '1#';
    389. 

  389. 

  390. 		foreach ($parts as $int) {
    391. 

  391. 			$tmp = dechex($int);
    392. 

  392. 			if (strlen($tmp) != 2) {
    393. 

  393. 				$tmp = '0' . $tmp;
    394. 

  394. 			}
    395. 

  395. 			$address .= '\\' . $tmp;
    396. 

  396. 		}
    397. 

  397. 		return $address;
    398. 

  398. 	}
    399. 

  399. 

  400. 	/**
    401. 

  401. 	 * extract readable network address from the LDAP encoded networkAddress attribute.
    402. 

  402. 	 * @author Jay Burrell, Systems & Networks, Mississippi State University
    403. 

  403. 	 * Please keep this document block and author attribution in place.
    404. 

  404. 	 *
    405. 

  405. 	 *  Novell Docs, see: http://developer.novell.com/ndk/doc/ndslib/schm_enu/data/sdk5624.html#sdk5624
    406. 

  406. 	 *  for Address types: http://developer.novell.com/ndk/doc/ndslib/index.html?page=/ndk/doc/ndslib/schm_enu/data/sdk4170.html
    407. 

  407. 	 *  LDAP Format, String:
    408. 

  408. 	 *	taggedData = uint32String "#" octetstring
    409. 

  409. 	 *	byte 0 = uint32String = Address Type: 0= IPX Address; 1 = IP Address
    410. 

  410. 	 *	byte 1 = char = "#" - separator
    411. 

  411. 	 *	byte 2+ = octetstring - the ordinal value of the address
    412. 

  412. 	 *	Note: with eDirectory 8.6.2, the IP address (type 1) returns
    413. 

  413. 	 *				correctly, however, an IPX address does not seem to.  eDir 8.7 may correct this.
    414. 

  414. 	 *  Enhancement made by Merijn van de Schoot:
    415. 

  415. 	 *	If addresstype is 8 (UDP) or 9 (TCP) do some additional parsing like still returning the IP address
    416. 

  416. 	 */
    417. 

  417. 	function LDAPNetAddr($networkaddress)
    418. 

  418. 	{
    419. 

  419. 		$addr = "";
    420. 

  420. 		$addrtype = intval(substr($networkaddress, 0, 1));
    421. 

  421. 		$networkaddress = substr($networkaddress, 2); // throw away bytes 0 and 1 which should be the addrtype and the "#" separator
    422. 

  422. 

  423. 		if (($addrtype == 8) || ($addrtype = 9)) {
    424. 

  424. 			// TODO 1.6: If UDP or TCP, (TODO fill addrport and) strip portnumber information from address
    425. 

  425. 			$networkaddress = substr($networkaddress, (strlen($networkaddress)-4));
    426. 

  426. 		}
    427. 

  427. 

  428. 		$addrtypes = array (
    429. 

  429. 			'IPX',
    430. 

  430. 			'IP',
    431. 

  431. 			'SDLC',
    432. 

  432. 			'Token Ring',
    433. 

  433. 			'OSI',
    434. 

  434. 			'AppleTalk',
    435. 

  435. 			'NetBEUI',
    436. 

  436. 			'Socket',
    437. 

  437. 			'UDP',
    438. 

  438. 			'TCP',
    439. 

  439. 			'UDP6',
    440. 

  440. 			'TCP6',
    441. 

  441. 			'Reserved (12)',
    442. 

  442. 			'URL',
    443. 

  443. 			'Count'
    444. 

  444. 		);
    445. 

  445. 		$len = strlen($networkaddress);
    446. 

  446. 		if ($len > 0)
    447. 

  447. 		{
    448. 

  448. 			for ($i = 0; $i < $len; $i += 1)
    449. 

  449. 			{
    450. 

  450. 				$byte = substr($networkaddress, $i, 1);
    451. 

  451. 				$addr .= ord($byte);
    452. 

  452. 				if (($addrtype == 1) || ($addrtype == 8) || ($addrtype = 9)) { // dot separate IP addresses...
    453. 

  453. 					$addr .= ".";
    454. 

  454. 				}
    455. 

  455. 			}
    456. 

  456. 			if (($addrtype == 1) || ($addrtype == 8) || ($addrtype = 9)) { // strip last period from end of $addr
    457. 

  457. 				$addr = substr($addr, 0, strlen($addr) - 1);
    458. 

  458. 			}
    459. 

  459. 		} else {
    460. 

  460. 			$addr .= JText::_('JLIB_CLIENT_ERROR_LDAP_ADDRESS_NOT_AVAILABLE');
    461. 

  461. 		}
    462. 

  462. 		return Array('protocol'=>$addrtypes[$addrtype], 'address'=>$addr);
    463. 

  463. 	}
    464. 

  464. 

  465. 	/**
    466. 

  466. 	 * Generates a LDAP compatible password
    467. 

  467. 	 *
    468. 

  468. 	 * @param string password Clear text password to encrypt
    469. 

  469. 	 * @param string type Type of password hash, either md5 or SHA
    470. 

  470. 	 * @return string encrypted password
    471. 

  471. 	 */
    472. 

  472. 	function generatePassword($password, $type='md5') {
    473. 

  473. 		$userpassword = '';
    474. 

  474. 		switch(strtolower($type)) {
    475. 

  475. 			case 'sha':
    476. 

  476. 				$userpassword = '{SHA}' . base64_encode(pack('H*', sha1($password)));
    477. 

  477. 			case 'md5':
    478. 

  478. 			default:
    479. 

  479. 				$userpassword = '{MD5}' . base64_encode(pack('H*', md5($password)));
    480. 

  480. 				break;
    481. 

  481. 		}
    482. 

  482. 		return $userpassword;
    483. 

  483. 	}
    484. 

  484. }
    485. 

  485.