PageRenderTime 66ms CodeModel.GetById 29ms RepoModel.GetById 0ms app.codeStats 1ms

/program/lib/Roundcube/rcube_ldap_generic.php

https://github.com/gabrieldarezzo/roundcubemail
PHP | 1055 lines | 614 code | 146 blank | 295 comment | 106 complexity | 8383297d5e1c9e2c113b2cda425d76ed MD5 | raw file
Possible License(s): GPL-3.0, LGPL-2.1 
    

  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  +-----------------------------------------------------------------------+
    5. 

  5.  | Roundcube/rcube_ldap_generic.php                                      |
    6. 

  6.  |                                                                       |
    7. 

  7.  | This file is part of the Roundcube Webmail client                     |
    8. 

  8.  | Copyright (C) 2006-2013, The Roundcube Dev Team                       |
    9. 

  9.  | Copyright (C) 2012-2013, Kolab Systems AG                             |
    10. 

  10.  |                                                                       |
    11. 

  11.  | Licensed under the GNU General Public License version 3 or            |
    12. 

  12.  | any later version with exceptions for skins & plugins.                |
    13. 

  13.  | See the README file for a full license statement.                     |
    14. 

  14.  |                                                                       |
    15. 

  15.  | PURPOSE:                                                              |
    16. 

  16.  |   Provide basic functionality for accessing LDAP directories          |
    17. 

  17.  |                                                                       |
    18. 

  18.  +-----------------------------------------------------------------------+
    19. 

  19.  | Author: Thomas Bruederli <roundcube@gmail.com>                        |
    20. 

  20.  |         Aleksander Machniak <machniak@kolabsys.com>                   |
    21. 

  21.  +-----------------------------------------------------------------------+
    22. 

  22. */
    23. 

  23. 

  24. 

  25. /*
    26. 

  26.   LDAP connection properties
    27. 

  27.   --------------------------
    28. 

    29. 

  29.   $prop = array(
    30. 

  30.       'host'            => '<ldap-server-address>',
    31. 

  31.       // or
    32. 

  32.       'hosts'           => array('directory.verisign.com'),
    33. 

  33.       'port'            => 389,
    34. 

  34.       'use_tls'         => true|false,
    35. 

  35.       'ldap_version'    => 3,             // using LDAPv3
    36. 

  36.       'auth_method'     => '',            // SASL authentication method (for proxy auth), e.g. DIGEST-MD5
    37. 

  37.       'attributes'      => array('dn'),   // List of attributes to read from the server
    38. 

  38.       'vlv'             => false,         // Enable Virtual List View to more efficiently fetch paginated data (if server supports it)
    39. 

  39.       'config_root_dn'  => 'cn=config',   // Root DN to read config (e.g. vlv indexes) from
    40. 

  40.       'numsub_filter'   => '(objectClass=organizationalUnit)',   // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting
    41. 

  41.       'sizelimit'       => '0',           // Enables you to limit the count of entries fetched. Setting this to 0 means no limit.
    42. 

  42.       'timelimit'       => '0',           // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit.
    43. 

  43.       'network_timeout' => 10,            // The timeout (in seconds) for connect + bind arrempts. This is only supported in PHP >= 5.3.0 with OpenLDAP 2.x
    44. 

  44.       'referrals'       => true|false,    // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups
    45. 

  45.   );
    46. 

  46. */
    47. 

  47. 

  48. /**
    49. 

  49.  * Model class to access an LDAP directories
    50. 

  50.  *
    51. 

  51.  * @package    Framework
    52. 

  52.  * @subpackage LDAP
    53. 

  53.  */
    54. 

  54. class rcube_ldap_generic
    55. 

  55. {
    56. 

  56.     const UPDATE_MOD_ADD = 1;
    57. 

  57.     const UPDATE_MOD_DELETE = 2;
    58. 

  58.     const UPDATE_MOD_REPLACE = 4;
    59. 

  59.     const UPDATE_MOD_FULL = 7;
    60. 

  60. 

  61.     public $conn;
    62. 

  62.     public $vlv_active = false;
    63. 

  63. 

  64.     /** private properties */
    65. 

  65.     protected $cache = null;
    66. 

  66.     protected $config = array();
    67. 

  67.     protected $attributes = array('dn');
    68. 

  68.     protected $entries = null;
    69. 

  69.     protected $result = null;
    70. 

  70.     protected $debug = false;
    71. 

  71.     protected $list_page = 1;
    72. 

  72.     protected $page_size = 10;
    73. 

  73.     protected $vlv_config = null;
    74. 

  74. 

  75. 

  76.     /**
    77. 

  77.     * Object constructor
    78. 

  78.     *
    79. 

  79.     * @param array $p LDAP connection properties
    80. 

  80.     */
    81. 

  81.     function __construct($p)
    82. 

  82.     {
    83. 

  83.         $this->config = $p;
    84. 

  84. 

  85.         if (is_array($p['attributes']))
    86. 

  86.             $this->attributes = $p['attributes'];
    87. 

  87. 

  88.         if (!is_array($p['hosts']) && !empty($p['host']))
    89. 

  89.             $this->config['hosts'] = array($p['host']);
    90. 

  90.     }
    91. 

  91. 

  92.     /**
    93. 

  93.      * Activate/deactivate debug mode
    94. 

  94.      *
    95. 

  95.      * @param boolean $dbg True if LDAP commands should be logged
    96. 

  96.      */
    97. 

  97.     public function set_debug($dbg = true)
    98. 

  98.     {
    99. 

  99.         $this->debug = $dbg;
    100. 

  100.     }
    101. 

  101. 

  102.     /**
    103. 

  103.      * Set connection options
    104. 

  104.      *
    105. 

  105.      * @param mixed $opt Option name as string or hash array with multiple options
    106. 

  106.      * @param mixed $val Option value
    107. 

  107.      */
    108. 

  108.     public function set_config($opt, $val = null)
    109. 

  109.     {
    110. 

  110.         if (is_array($opt))
    111. 

  111.             $this->config = array_merge($this->config, $opt);
    112. 

  112.         else
    113. 

  113.             $this->config[$opt] = $value;
    114. 

  114.     }
    115. 

  115. 

  116.     /**
    117. 

  117.      * Enable caching by passing an instance of rcube_cache to be used by this object
    118. 

  118.      *
    119. 

  119.      * @param object rcube_cache Instance or False to disable caching
    120. 

  120.      */
    121. 

  121.     public function set_cache($cache_engine)
    122. 

  122.     {
    123. 

  123.         $this->cache = $cache_engine;
    124. 

  124.     }
    125. 

  125. 

  126.     /**
    127. 

  127.      * Set properties for VLV-based paging
    128. 

  128.      *
    129. 

  129.      * @param  number $page  Page number to list (starting at 1)
    130. 

  130.      * @param  number $size  Number of entries to display on one page
    131. 

  131.      */
    132. 

  132.     public function set_vlv_page($page, $size = 10)
    133. 

  133.     {
    134. 

  134.         $this->list_page = $page;
    135. 

  135.         $this->page_size = $size;
    136. 

  136.     }
    137. 

  137. 

  138.     /**
    139. 

  139.     * Establish a connection to the LDAP server
    140. 

  140.     */
    141. 

  141.     public function connect($host = null)
    142. 

  142.     {
    143. 

  143.         if (!function_exists('ldap_connect')) {
    144. 

  144.             rcube::raise_error(array('code' => 100, 'type' => 'ldap',
    145. 

  145.                 'file' => __FILE__, 'line' => __LINE__,
    146. 

  146.                 'message' => "No ldap support in this installation of PHP"),
    147. 

  147.                 true);
    148. 

  148.             return false;
    149. 

  149.         }
    150. 

  150. 

  151.         if (is_resource($this->conn) && $this->config['host'] == $host)
    152. 

  152.             return true;
    153. 

  153. 

  154.         if (empty($this->config['ldap_version']))
    155. 

  155.             $this->config['ldap_version'] = 3;
    156. 

  156. 

  157.         // iterate over hosts if none specified
    158. 

  158.         if (!$host) {
    159. 

  159.             if (!is_array($this->config['hosts']))
    160. 

  160.                 $this->config['hosts'] = array($this->config['hosts']);
    161. 

  161. 

  162.             foreach ($this->config['hosts'] as $host) {
    163. 

  163.                 if (!empty($host) && $this->connect($host)) {
    164. 

  164.                     return true;
    165. 

  165.                 }
    166. 

  166.             }
    167. 

  167. 

  168.             return false;
    169. 

  169.         }
    170. 

  170. 

  171.         // open connection to the given $host
    172. 

  172.         $host     = rcube_utils::idn_to_ascii(rcube_utils::parse_host($host));
    173. 

  173.         $hostname = $host . ($this->config['port'] ? ':'.$this->config['port'] : '');
    174. 

  174. 

  175.         $this->_debug("C: Connect to $hostname [{$this->config['name']}]");
    176. 

  176. 

  177.         if ($lc = @ldap_connect($host, $this->config['port'])) {
    178. 

  178.             if ($this->config['use_tls'] === true)
    179. 

  179.                 if (!ldap_start_tls($lc))
    180. 

  180.                     continue;
    181. 

  181. 

  182.             $this->_debug("S: OK");
    183. 

  183. 

  184.             ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, $this->config['ldap_version']);
    185. 

  185.             $this->config['host'] = $host;
    186. 

  186.             $this->conn = $lc;
    187. 

  187. 

  188.             if (!empty($this->config['network_timeout']))
    189. 

  189.               ldap_set_option($lc, LDAP_OPT_NETWORK_TIMEOUT, $this->config['network_timeout']);
    190. 

  190. 

  191.             if (isset($this->config['referrals']))
    192. 

  192.                 ldap_set_option($lc, LDAP_OPT_REFERRALS, $this->config['referrals']);
    193. 

  193.         }
    194. 

  194.         else {
    195. 

  195.             $this->_debug("S: NOT OK");
    196. 

  196.         }
    197. 

  197. 

  198.         if (!is_resource($this->conn)) {
    199. 

  199.             rcube::raise_error(array('code' => 100, 'type' => 'ldap',
    200. 

  200.                 'file' => __FILE__, 'line' => __LINE__,
    201. 

  201.                 'message' => "Could not connect to any LDAP server, last tried $hostname"),
    202. 

  202.                 true);
    203. 

  203.             return false;
    204. 

  204.         }
    205. 

  205. 

  206.         return true;
    207. 

  207.     }
    208. 

  208. 

  209.     /**
    210. 

  210.      * Bind connection with (SASL-) user and password
    211. 

  211.      *
    212. 

  212.      * @param string $authc Authentication user
    213. 

  213.      * @param string $pass  Bind password
    214. 

  214.      * @param string $authz Autorization user
    215. 

  215.      *
    216. 

  216.      * @return boolean True on success, False on error
    217. 

  217.      */
    218. 

  218.     public function sasl_bind($authc, $pass, $authz=null)
    219. 

  219.     {
    220. 

  220.         if (!$this->conn) {
    221. 

  221.             return false;
    222. 

  222.         }
    223. 

  223. 

  224.         if (!function_exists('ldap_sasl_bind')) {
    225. 

  225.             rcube::raise_error(array('code' => 100, 'type' => 'ldap',
    226. 

  226.                 'file' => __FILE__, 'line' => __LINE__,
    227. 

  227.                 'message' => "Unable to bind: ldap_sasl_bind() not exists"),
    228. 

  228.                 true);
    229. 

  229.             return false;
    230. 

  230.         }
    231. 

  231. 

  232.         if (!empty($authz)) {
    233. 

  233.             $authz = 'u:' . $authz;
    234. 

  234.         }
    235. 

  235. 

  236.         if (!empty($this->config['auth_method'])) {
    237. 

  237.             $method = $this->config['auth_method'];
    238. 

  238.         }
    239. 

  239.         else {
    240. 

  240.             $method = 'DIGEST-MD5';
    241. 

  241.         }
    242. 

  242. 

  243.         $this->_debug("C: SASL Bind [mech: $method, authc: $authc, authz: $authz, pass: **** [" . strlen($pass) . "]");
    244. 

  244. 

  245.         if (ldap_sasl_bind($this->conn, NULL, $pass, $method, NULL, $authc, $authz)) {
    246. 

  246.             $this->_debug("S: OK");
    247. 

  247.             return true;
    248. 

  248.         }
    249. 

  249. 

  250.         $this->_debug("S: ".ldap_error($this->conn));
    251. 

  251. 

  252.         rcube::raise_error(array(
    253. 

  253.             'code' => ldap_errno($this->conn), 'type' => 'ldap',
    254. 

  254.             'file' => __FILE__, 'line' => __LINE__,
    255. 

  255.             'message' => "SASL Bind failed for authcid=$authc ".ldap_error($this->conn)),
    256. 

  256.             true);
    257. 

  257.         return false;
    258. 

  258.     }
    259. 

  259. 

  260.     /**
    261. 

  261.      * Bind connection with DN and password
    262. 

  262.      *
    263. 

  263.      * @param string $dn   Bind DN
    264. 

  264.      * @param string $pass Bind password
    265. 

  265.      *
    266. 

  266.      * @return boolean True on success, False on error
    267. 

  267.      */
    268. 

  268.     public function bind($dn, $pass)
    269. 

  269.     {
    270. 

  270.         if (!$this->conn) {
    271. 

  271.             return false;
    272. 

  272.         }
    273. 

  273. 

  274.         $this->_debug("C: Bind $dn, pass: **** [" . strlen($pass) . "]");
    275. 

  275. 

  276.         if (@ldap_bind($this->conn, $dn, $pass)) {
    277. 

  277.             $this->_debug("S: OK");
    278. 

  278.             return true;
    279. 

  279.         }
    280. 

  280. 

  281.         $this->_debug("S: ".ldap_error($this->conn));
    282. 

  282. 

  283.         rcube::raise_error(array(
    284. 

  284.             'code' => ldap_errno($this->conn), 'type' => 'ldap',
    285. 

  285.             'file' => __FILE__, 'line' => __LINE__,
    286. 

  286.             'message' => "Bind failed for dn=$dn: ".ldap_error($this->conn)),
    287. 

  287.             true);
    288. 

  288. 

  289.         return false;
    290. 

  290.     }
    291. 

  291. 

  292.     /**
    293. 

  293.      * Close connection to LDAP server
    294. 

  294.      */
    295. 

  295.     public function close()
    296. 

  296.     {
    297. 

  297.         if ($this->conn) {
    298. 

  298.             $this->_debug("C: Close");
    299. 

  299.             ldap_unbind($this->conn);
    300. 

  300.             $this->conn = null;
    301. 

  301.         }
    302. 

  302.     }
    303. 

  303. 

  304.     /**
    305. 

  305.      * Return the last result set
    306. 

  306.      *
    307. 

  307.      * @return object rcube_ldap_result Result object
    308. 

  308.      */
    309. 

  309.     function get_result()
    310. 

  310.     {
    311. 

  311.         return $this->result;
    312. 

  312.     }
    313. 

  313. 

  314.     /**
    315. 

  315.      * Get a specific LDAP entry, identified by its DN
    316. 

  316.      *
    317. 

  317.      * @param string $dn Record identifier
    318. 

  318.      * @return array     Hash array
    319. 

  319.      */
    320. 

  320.     function get_entry($dn)
    321. 

  321.     {
    322. 

  322.         $rec = null;
    323. 

  323. 

  324.         if ($this->conn && $dn) {
    325. 

  325.             $this->_debug("C: Read $dn [(objectclass=*)]");
    326. 

  326. 

  327.             if ($ldap_result = @ldap_read($this->conn, $dn, '(objectclass=*)', $this->attributes)) {
    328. 

  328.                 $this->_debug("S: OK");
    329. 

  329. 

  330.                 if ($entry = ldap_first_entry($this->conn, $ldap_result)) {
    331. 

  331.                     $rec = ldap_get_attributes($this->conn, $entry);
    332. 

  332.                 }
    333. 

  333.             }
    334. 

  334.             else {
    335. 

  335.                 $this->_debug("S: ".ldap_error($this->conn));
    336. 

  336.             }
    337. 

  337. 

  338.             if (!empty($rec)) {
    339. 

  339.                 $rec['dn'] = $dn; // Add in the dn for the entry.
    340. 

  340.             }
    341. 

  341.         }
    342. 

  342. 

  343.         return $rec;
    344. 

  344.     }
    345. 

  345. 

  346.     /**
    347. 

  347.      * Execute the LDAP search based on the stored credentials
    348. 

  348.      *
    349. 

  349.      * @param string $base_dn  The base DN to query
    350. 

  350.      * @param string $filter   The LDAP filter for search
    351. 

  351.      * @param string $scope    The LDAP scope (list|sub|base)
    352. 

  352.      * @param array  $attrs    List of entry attributes to read
    353. 

  353.      * @param array  $prop     Hash array with query configuration properties:
    354. 

  354.      *   - sort: array of sort attributes (has to be in sync with the VLV index)
    355. 

  355.      *   - search: search string used for VLV controls
    356. 

  356.      * @param boolean $count_only Set to true if only entry count is requested
    357. 

  357.      *
    358. 

  358.      * @return mixed  rcube_ldap_result object or number of entries (if count_only=true) or false on error
    359. 

  359.      */
    360. 

  360.     public function search($base_dn, $filter = '', $scope = 'sub', $attrs = array('dn'), $prop = array(), $count_only = false)
    361. 

  361.     {
    362. 

  362.         if (!$this->conn) {
    363. 

  363.             return false;
    364. 

  364.         }
    365. 

  365. 

  366.         if (empty($filter)) {
    367. 

  367.             $filter = '(objectclass=*)';
    368. 

  368.         }
    369. 

  369. 

  370.         $this->_debug("C: Search $base_dn for $filter");
    371. 

  371. 

  372.         $function = self::scope2func($scope, $ns_function);
    373. 

  373. 

  374.         // find available VLV index for this query
    375. 

  375.         if (!$count_only && ($vlv_sort = $this->_find_vlv($base_dn, $filter, $scope, $prop['sort']))) {
    376. 

  376.             // when using VLV, we get the total count by...
    377. 

  377.             // ...either reading numSubOrdinates attribute
    378. 

  378.             if (($sub_filter = $this->config['numsub_filter']) &&
    379. 

  379.                 ($result_count = @$ns_function($this->conn, $base_dn, $sub_filter, array('numSubOrdinates'), 0, 0, 0))
    380. 

  380.             ) {
    381. 

  381.                 $counts = ldap_get_entries($this->conn, $result_count);
    382. 

  382.                 for ($vlv_count = $j = 0; $j < $counts['count']; $j++)
    383. 

  383.                     $vlv_count += $counts[$j]['numsubordinates'][0];
    384. 

  384.                 $this->_debug("D: total numsubordinates = " . $vlv_count);
    385. 

  385.             }
    386. 

  386.             // ...or by fetching all records dn and count them
    387. 

  387.             else if (!function_exists('ldap_parse_virtuallist_control')) {
    388. 

  388.                 $vlv_count = $this->search($base_dn, $filter, $scope, array('dn'), $prop, true);
    389. 

  389.             }
    390. 

  390. 

  391.             $this->vlv_active = $this->_vlv_set_controls($vlv_sort, $this->list_page, $this->page_size, $prop['search']);
    392. 

  392.         }
    393. 

  393.         else {
    394. 

  394.             $this->vlv_active = false;
    395. 

  395.         }
    396. 

  396. 

  397.         // only fetch dn for count (should keep the payload low)
    398. 

  398.         if ($ldap_result = @$function($this->conn, $base_dn, $filter,
    399. 

  399.             $attrs, 0, (int)$this->config['sizelimit'], (int)$this->config['timelimit'])
    400. 

  400.         ) {
    401. 

  401.             // when running on a patched PHP we can use the extended functions
    402. 

  402.             // to retrieve the total count from the LDAP search result
    403. 

  403.             if ($this->vlv_active && function_exists('ldap_parse_virtuallist_control')) {
    404. 

  404.                 if (ldap_parse_result($this->conn, $ldap_result, $errcode, $matcheddn, $errmsg, $referrals, $serverctrls)) {
    405. 

  405.                     ldap_parse_virtuallist_control($this->conn, $serverctrls, $last_offset, $vlv_count, $vresult);
    406. 

  406.                     $this->_debug("S: VLV result: last_offset=$last_offset; content_count=$vlv_count");
    407. 

  407.                 }
    408. 

  408.                 else {
    409. 

  409.                     $this->_debug("S: ".($errmsg ? $errmsg : ldap_error($this->conn)));
    410. 

  410.                 }
    411. 

  411.             }
    412. 

  412.             else if ($this->debug) {
    413. 

  413.                 $this->_debug("S: ".ldap_count_entries($this->conn, $ldap_result)." record(s) found");
    414. 

  414.             }
    415. 

  415. 

  416.             $this->result = new rcube_ldap_result($this->conn, $ldap_result, $base_dn, $filter, $vlv_count);
    417. 

  417. 

  418.             return $count_only ? $this->result->count() : $this->result;
    419. 

  419.         }
    420. 

  420.         else {
    421. 

  421.             $this->_debug("S: ".ldap_error($this->conn));
    422. 

  422.         }
    423. 

  423. 

  424.         return false;
    425. 

  425.     }
    426. 

  426. 

  427.     /**
    428. 

  428.      * Modify an LDAP entry on the server
    429. 

  429.      *
    430. 

  430.      * @param string $dn      Entry DN
    431. 

  431.      * @param array  $params  Hash array of entry attributes
    432. 

  432.      * @param int    $mode    Update mode (UPDATE_MOD_ADD | UPDATE_MOD_DELETE | UPDATE_MOD_REPLACE)
    433. 

  433.      */
    434. 

  434.     public function modify($dn, $parms, $mode = 255)
    435. 

  435.     {
    436. 

  436.         // TODO: implement this
    437. 

  437. 

  438.         return false;
    439. 

  439.     }
    440. 

  440. 

  441.     /**
    442. 

  442.      * Wrapper for ldap_add()
    443. 

  443.      *
    444. 

  444.      * @see ldap_add()
    445. 

  445.      */
    446. 

  446.     public function add($dn, $entry)
    447. 

  447.     {
    448. 

  448.         $this->_debug("C: Add $dn: ".print_r($entry, true));
    449. 

  449. 

  450.         $res = ldap_add($this->conn, $dn, $entry);
    451. 

  451.         if ($res === false) {
    452. 

  452.             $this->_debug("S: ".ldap_error($this->conn));
    453. 

  453.             return false;
    454. 

  454.         }
    455. 

  455. 

  456.         $this->_debug("S: OK");
    457. 

  457.         return true;
    458. 

  458.     }
    459. 

  459. 

  460.     /**
    461. 

  461.      * Wrapper for ldap_delete()
    462. 

  462.      *
    463. 

  463.      * @see ldap_delete()
    464. 

  464.      */
    465. 

  465.     public function delete($dn)
    466. 

  466.     {
    467. 

  467.         $this->_debug("C: Delete $dn");
    468. 

  468. 

  469.         $res = ldap_delete($this->conn, $dn);
    470. 

  470.         if ($res === false) {
    471. 

  471.             $this->_debug("S: ".ldap_error($this->conn));
    472. 

  472.             return false;
    473. 

  473.         }
    474. 

  474. 

  475.         $this->_debug("S: OK");
    476. 

  476.         return true;
    477. 

  477.     }
    478. 

  478. 

  479.     /**
    480. 

  480.      * Wrapper for ldap_mod_replace()
    481. 

  481.      *
    482. 

  482.      * @see ldap_mod_replace()
    483. 

  483.      */
    484. 

  484.     public function mod_replace($dn, $entry)
    485. 

  485.     {
    486. 

  486.         $this->_debug("C: Replace $dn: ".print_r($entry, true));
    487. 

  487. 

  488.         if (!ldap_mod_replace($this->conn, $dn, $entry)) {
    489. 

  489.             $this->_debug("S: ".ldap_error($this->conn));
    490. 

  490.             return false;
    491. 

  491.         }
    492. 

  492. 

  493.         $this->_debug("S: OK");
    494. 

  494.         return true;
    495. 

  495.     }
    496. 

  496. 

  497.     /**
    498. 

  498.      * Wrapper for ldap_mod_add()
    499. 

  499.      *
    500. 

  500.      * @see ldap_mod_add()
    501. 

  501.      */
    502. 

  502.     public function mod_add($dn, $entry)
    503. 

  503.     {
    504. 

  504.         $this->_debug("C: Add $dn: ".print_r($entry, true));
    505. 

  505. 

  506.         if (!ldap_mod_add($this->conn, $dn, $entry)) {
    507. 

  507.             $this->_debug("S: ".ldap_error($this->conn));
    508. 

  508.             return false;
    509. 

  509.         }
    510. 

  510. 

  511.         $this->_debug("S: OK");
    512. 

  512.         return true;
    513. 

  513.     }
    514. 

  514. 

  515.     /**
    516. 

  516.      * Wrapper for ldap_mod_del()
    517. 

  517.      *
    518. 

  518.      * @see ldap_mod_del()
    519. 

  519.      */
    520. 

  520.     public function mod_del($dn, $entry)
    521. 

  521.     {
    522. 

  522.         $this->_debug("C: Delete $dn: ".print_r($entry, true));
    523. 

  523. 

  524.         if (!ldap_mod_del($this->conn, $dn, $entry)) {
    525. 

  525.             $this->_debug("S: ".ldap_error($this->conn));
    526. 

  526.             return false;
    527. 

  527.         }
    528. 

  528. 

  529.         $this->_debug("S: OK");
    530. 

  530.         return true;
    531. 

  531.     }
    532. 

  532. 

  533.     /**
    534. 

  534.      * Wrapper for ldap_rename()
    535. 

  535.      *
    536. 

  536.      * @see ldap_rename()
    537. 

  537.      */
    538. 

  538.     public function rename($dn, $newrdn, $newparent = null, $deleteoldrdn = true)
    539. 

  539.     {
    540. 

  540.         $this->_debug("C: Rename $dn to $newrdn");
    541. 

  541. 

  542.         if (!ldap_rename($this->conn, $dn, $newrdn, $newparent, $deleteoldrdn)) {
    543. 

  543.             $this->_debug("S: ".ldap_error($this->conn));
    544. 

  544.             return false;
    545. 

  545.         }
    546. 

  546. 

  547.         $this->_debug("S: OK");
    548. 

  548.         return true;
    549. 

  549.     }
    550. 

  550. 

  551.     /**
    552. 

  552.      * Wrapper for ldap_list() + ldap_get_entries()
    553. 

  553.      *
    554. 

  554.      * @see ldap_list()
    555. 

  555.      * @see ldap_get_entries()
    556. 

  556.      */
    557. 

  557.     public function list_entries($dn, $filter, $attributes = array('dn'))
    558. 

  558.     {
    559. 

  559.         $list = array();
    560. 

  560.         $this->_debug("C: List $dn [{$filter}]");
    561. 

  561. 

  562.         if ($result = ldap_list($this->conn, $dn, $filter, $attributes)) {
    563. 

  563.             $list = ldap_get_entries($this->conn, $result);
    564. 

  564. 

  565.             if ($list === false) {
    566. 

  566.                 $this->_debug("S: ".ldap_error($this->conn));
    567. 

  567.                 return array();
    568. 

  568.             }
    569. 

  569. 

  570.             $count = $list['count'];
    571. 

  571.             unset($list['count']);
    572. 

  572. 

  573.             $this->_debug("S: $count record(s)");
    574. 

  574.         }
    575. 

  575.         else {
    576. 

  576.             $this->_debug("S: ".ldap_error($this->conn));
    577. 

  577.         }
    578. 

  578. 

  579.         return $list;
    580. 

  580.     }
    581. 

  581. 

  582.     /**
    583. 

  583.      * Wrapper for ldap_read() + ldap_get_entries()
    584. 

  584.      *
    585. 

  585.      * @see ldap_read()
    586. 

  586.      * @see ldap_get_entries()
    587. 

  587.      */
    588. 

  588.     public function read_entries($dn, $filter, $attributes = null)
    589. 

  589.     {
    590. 

  590.         $this->_debug("C: Read $dn [{$filter}]");
    591. 

  591. 

  592.         if ($this->conn && $dn) {
    593. 

  593.             if (!$attributes)
    594. 

  594.                 $attributes = $this->attributes;
    595. 

  595. 

  596.             $result = @ldap_read($this->conn, $dn, $filter, $attributes, 0, (int)$this->config['sizelimit'], (int)$this->config['timelimit']);
    597. 

  597.             if ($result === false) {
    598. 

  598.                 $this->_debug("S: ".ldap_error($this->conn));
    599. 

  599.                 return false;
    600. 

  600.             }
    601. 

  601. 

  602.             $this->_debug("S: OK");
    603. 

  603.             return ldap_get_entries($this->conn, $result);
    604. 

  604.         }
    605. 

  605. 

  606.         return false;
    607. 

  607.     }
    608. 

  608. 

  609.     /**
    610. 

  610.      * Choose the right PHP function according to scope property
    611. 

  611.      *
    612. 

  612.      * @param string $scope         The LDAP scope (sub|base|list)
    613. 

  613.      * @param string $ns_function   Function to be used for numSubOrdinates queries
    614. 

  614.      * @return string  PHP function to be used to query directory
    615. 

  615.      */
    616. 

  616.     public static function scope2func($scope, &$ns_function = null)
    617. 

  617.     {
    618. 

  618.         switch ($scope) {
    619. 

  619.           case 'sub':
    620. 

  620.             $function = $ns_function  = 'ldap_search';
    621. 

  621.             break;
    622. 

  622.           case 'base':
    623. 

  623.             $function = $ns_function = 'ldap_read';
    624. 

  624.             break;
    625. 

  625.           default:
    626. 

  626.             $function = 'ldap_list';
    627. 

  627.             $ns_function = 'ldap_read';
    628. 

  628.             break;
    629. 

  629.         }
    630. 

  630. 

  631.         return $function;
    632. 

  632.     }
    633. 

  633. 

  634.     /**
    635. 

  635.      * Convert the given scope integer value to a string representation
    636. 

  636.      */
    637. 

  637.     public static function scopeint2str($scope)
    638. 

  638.     {
    639. 

  639.         switch ($scope) {
    640. 

  640.             case 2:  return 'sub';
    641. 

  641.             case 1:  return 'one';
    642. 

  642.             case 0:  return 'base';
    643. 

  643.             default: $this->_debug("Scope $scope is not a valid scope integer");
    644. 

  644.         }
    645. 

  645. 

  646.         return '';
    647. 

  647.     }
    648. 

  648. 

  649.     /**
    650. 

  650.      * Escapes the given value according to RFC 2254 so that it can be safely used in LDAP filters.
    651. 

  651.      *
    652. 

  652.      * @param string $val Value to quote
    653. 

  653.      * @return string The escaped value
    654. 

  654.      */
    655. 

  655.     public static function escape_value($val)
    656. 

  656.     {
    657. 

  657.         return strtr($str, array('*'=>'\2a', '('=>'\28', ')'=>'\29',
    658. 

  658.             '\\'=>'\5c', '/'=>'\2f'));
    659. 

  659.     }
    660. 

  660. 

  661.     /**
    662. 

  662.      * Escapes a DN value according to RFC 2253
    663. 

  663.      *
    664. 

  664.      * @param string $dn DN value o quote
    665. 

  665.      * @return string The escaped value
    666. 

  666.      */
    667. 

  667.     public static function escape_dn($dn)
    668. 

  668.     {
    669. 

  669.         return strtr($str, array(','=>'\2c', '='=>'\3d', '+'=>'\2b',
    670. 

  670.             '<'=>'\3c', '>'=>'\3e', ';'=>'\3b', '\\'=>'\5c',
    671. 

  671.             '"'=>'\22', '#'=>'\23'));
    672. 

  672.     }
    673. 

  673. 

  674.     /**
    675. 

  675.      * Normalize a LDAP result by converting entry attributes arrays into single values
    676. 

  676.      *
    677. 

  677.      * @param array $result LDAP result set fetched with ldap_get_entries()
    678. 

  678.      * @return array        Hash array with normalized entries, indexed by their DNs
    679. 

  679.      */
    680. 

  680.     public static function normalize_result($result)
    681. 

  681.     {
    682. 

  682.         if (!is_array($result)) {
    683. 

  683.             return array();
    684. 

  684.         }
    685. 

  685. 

  686.         $entries  = array();
    687. 

  687.         for ($i = 0; $i < $result['count']; $i++) {
    688. 

  688.             $key = $result[$i]['dn'] ? $result[$i]['dn'] : $i;
    689. 

  689.             $entries[$key] = self::normalize_entry($result[$i]);
    690. 

  690.         }
    691. 

  691. 

  692.         return $entries;
    693. 

  693.     }
    694. 

  694. 

  695.     /**
    696. 

  696.      * Turn an LDAP entry into a regular PHP array with attributes as keys.
    697. 

  697.      *
    698. 

  698.      * @param array $entry Attributes array as retrieved from ldap_get_attributes() or ldap_get_entries()
    699. 

  699.      *
    700. 

  700.      * @return array       Hash array with attributes as keys
    701. 

  701.      */
    702. 

  702.     public static function normalize_entry($entry)
    703. 

  703.     {
    704. 

  704.         if (!isset($entry['count'])) {
    705. 

  705.             return $entry;
    706. 

  706.         }
    707. 

  707. 

  708.         $rec = array();
    709. 

  709. 

  710.         for ($i=0; $i < $entry['count']; $i++) {
    711. 

  711.             $attr = $entry[$i];
    712. 

  712.             if ($entry[$attr]['count'] == 1) {
    713. 

  713.                 switch ($attr) {
    714. 

  714.                     case 'objectclass':
    715. 

  715.                         $rec[$attr] = array(strtolower($entry[$attr][0]));
    716. 

  716.                         break;
    717. 

  717.                     default:
    718. 

  718.                         $rec[$attr] = $entry[$attr][0];
    719. 

  719.                         break;
    720. 

  720.                 }
    721. 

  721.             }
    722. 

  722.             else {
    723. 

  723.                 for ($j=0; $j < $entry[$attr]['count']; $j++) {
    724. 

  724.                     $rec[$attr][$j] = $entry[$attr][$j];
    725. 

  725.                 }
    726. 

  726.             }
    727. 

  727.         }
    728. 

  728. 

  729.         return $rec;
    730. 

  730.     }
    731. 

  731. 

  732.     /**
    733. 

  733.      * Set server controls for Virtual List View (paginated listing)
    734. 

  734.      */
    735. 

  735.     private function _vlv_set_controls($sort, $list_page, $page_size, $search = null)
    736. 

  736.     {
    737. 

  737.         $sort_ctrl = array('oid' => "1.2.840.113556.1.4.473",  'value' => self::_sort_ber_encode((array)$sort));
    738. 

  738.         $vlv_ctrl  = array('oid' => "2.16.840.1.113730.3.4.9", 'value' => self::_vlv_ber_encode(($offset = ($list_page-1) * $page_size + 1), $page_size, $search), 'iscritical' => true);
    739. 

  739. 

  740.         $this->_debug("C: Set controls sort=" . join(' ', unpack('H'.(strlen($sort_ctrl['value'])*2), $sort_ctrl['value'])) . " ($sort[0]);"
    741. 

  741.             . " vlv=" . join(' ', (unpack('H'.(strlen($vlv_ctrl['value'])*2), $vlv_ctrl['value']))) . " ($offset/$page_size; $search)");
    742. 

  742. 

  743.         if (!ldap_set_option($this->conn, LDAP_OPT_SERVER_CONTROLS, array($sort_ctrl, $vlv_ctrl))) {
    744. 

  744.             $this->_debug("S: ".ldap_error($this->conn));
    745. 

  745.             $this->set_error(self::ERROR_SEARCH, 'vlvnotsupported');
    746. 

  746.             return false;
    747. 

  747.         }
    748. 

  748. 

  749.         return true;
    750. 

  750.     }
    751. 

  751. 

  752.     /**
    753. 

  753.      * Returns unified attribute name (resolving aliases)
    754. 

  754.      */
    755. 

  755.     private static function _attr_name($namev)
    756. 

  756.     {
    757. 

  757.         // list of known attribute aliases
    758. 

  758.         static $aliases = array(
    759. 

  759.             'gn' => 'givenname',
    760. 

  760.             'rfc822mailbox' => 'email',
    761. 

  761.             'userid' => 'uid',
    762. 

  762.             'emailaddress' => 'email',
    763. 

  763.             'pkcs9email' => 'email',
    764. 

  764.         );
    765. 

  765. 

  766.         list($name, $limit) = explode(':', $namev, 2);
    767. 

  767.         $suffix = $limit ? ':'.$limit : '';
    768. 

  768. 

  769.         return (isset($aliases[$name]) ? $aliases[$name] : $name) . $suffix;
    770. 

  770.     }
    771. 

  771. 

  772.     /**
    773. 

  773.      * Quotes attribute value string
    774. 

  774.      *
    775. 

  775.      * @param string $str Attribute value
    776. 

  776.      * @param bool   $dn  True if the attribute is a DN
    777. 

  777.      *
    778. 

  778.      * @return string Quoted string
    779. 

  779.      */
    780. 

  780.     public static function quote_string($str, $dn=false)
    781. 

  781.     {
    782. 

  782.         // take firt entry if array given
    783. 

  783.         if (is_array($str))
    784. 

  784.             $str = reset($str);
    785. 

  785. 

  786.         if ($dn)
    787. 

  787.             $replace = array(','=>'\2c', '='=>'\3d', '+'=>'\2b', '<'=>'\3c',
    788. 

  788.                 '>'=>'\3e', ';'=>'\3b', '\\'=>'\5c', '"'=>'\22', '#'=>'\23');
    789. 

  789.         else
    790. 

  790.             $replace = array('*'=>'\2a', '('=>'\28', ')'=>'\29', '\\'=>'\5c',
    791. 

  791.                 '/'=>'\2f');
    792. 

  792. 

  793.         return strtr($str, $replace);
    794. 

  794.     }
    795. 

  795. 

  796.     /**
    797. 

  797.      * Prints debug info to the log
    798. 

  798.      */
    799. 

  799.     private function _debug($str)
    800. 

  800.     {
    801. 

  801.         if ($this->debug && class_exists('rcube')) {
    802. 

  802.             rcube::write_log('ldap', $str);
    803. 

  803.         }
    804. 

  804.     }
    805. 

  805. 

  806. 

  807.     /*****************  Virtual List View (VLV) related utility functions  **************** */
    808. 

  808. 

  809.     /**
    810. 

  810.      * Return the search string value to be used in VLV controls
    811. 

  811.      */
    812. 

  812.     private function _vlv_search($sort, $search)
    813. 

  813.     {
    814. 

  814.         foreach ($search as $attr => $value) {
    815. 

  815.             if (!in_array(strtolower($attr), $sort)) {
    816. 

  816.                 $this->_debug("d: Cannot use VLV search using attribute not indexed: $attr (not in " . var_export($sort, true) . ")");
    817. 

  817.                 return null;
    818. 

  818.             } else {
    819. 

  819.                 return $value;
    820. 

  820.             }
    821. 

  821.         }
    822. 

  822.     }
    823. 

  823. 

  824.     /**
    825. 

  825.      * Find a VLV index matching the given query attributes
    826. 

  826.      *
    827. 

  827.      * @return string Sort attribute or False if no match
    828. 

  828.      */
    829. 

  829.     private function _find_vlv($base_dn, $filter, $scope, $sort_attrs = null)
    830. 

  830.     {
    831. 

  831.         if (!$this->config['vlv'] || $scope == 'base') {
    832. 

  832.             return false;
    833. 

  833.         }
    834. 

  834. 

  835.         // get vlv config
    836. 

  836.         $vlv_config = $this->_read_vlv_config();
    837. 

  837. 

  838.         if ($vlv = $vlv_config[$base_dn]) {
    839. 

  839.             $this->_debug("D: Found a VLV for $base_dn");
    840. 

  840. 

  841.             if ($vlv['filter'] == strtolower($filter) || stripos($filter, '(&'.$vlv['filter'].'(') === 0) {
    842. 

  842.                 $this->_debug("D: Filter matches");
    843. 

  843.                 if ($vlv['scope'] == $scope) {
    844. 

  844.                     // Not passing any sort attributes means you don't care
    845. 

  845.                     if (empty($sort_attrs) || in_array($sort_attrs, $vlv['sort'])) {
    846. 

  846.                         return $vlv['sort'][0];
    847. 

  847.                     }
    848. 

  848.                 }
    849. 

  849.                 else {
    850. 

  850.                     $this->_debug("D: Scope does not match");
    851. 

  851.                 }
    852. 

  852.             }
    853. 

  853.             else {
    854. 

  854.                 $this->_debug("D: Filter does not match");
    855. 

  855.             }
    856. 

  856.         }
    857. 

  857.         else {
    858. 

  858.             $this->_debug("D: No VLV for $base_dn");
    859. 

  859.         }
    860. 

  860. 

  861.         return false;
    862. 

  862.     }
    863. 

  863. 

  864.     /**
    865. 

  865.      * Return VLV indexes and searches including necessary configuration
    866. 

  866.      * details.
    867. 

  867.      */
    868. 

  868.     private function _read_vlv_config()
    869. 

  869.     {
    870. 

  870.         if (empty($this->config['vlv']) || empty($this->config['config_root_dn'])) {
    871. 

  871.             return array();
    872. 

  872.         }
    873. 

  873.         // return hard-coded VLV config
    874. 

  874.         else if (is_array($this->config['vlv'])) {
    875. 

  875.             return $this->config['vlv'];
    876. 

  876.         }
    877. 

  877. 

  878.         // return cached result
    879. 

  879.         if (is_array($this->vlv_config)) {
    880. 

  880.             return $this->vlv_config;
    881. 

  881.         }
    882. 

  882. 

  883.         if ($this->cache && ($cached_config = $this->cache->get('vlvconfig'))) {
    884. 

  884.             $this->vlv_config = $cached_config;
    885. 

  885.             return $this->vlv_config;
    886. 

  886.         }
    887. 

  887. 

  888.         $this->vlv_config = array();
    889. 

  889. 

  890.         $ldap_result = ldap_search($this->conn, $this->config['config_root_dn'], '(objectclass=vlvsearch)', array('*'), 0, 0, 0);
    891. 

  891.         $vlv_searches = new rcube_ldap_result($this->conn, $ldap_result, $this->config['config_root_dn'], '(objectclass=vlvsearch)');
    892. 

  892. 

  893.         if ($vlv_searches->count() < 1) {
    894. 

  894.             $this->_debug("D: Empty result from search for '(objectclass=vlvsearch)' on '$config_root_dn'");
    895. 

  895.             return array();
    896. 

  896.         }
    897. 

  897. 

  898.         foreach ($vlv_searches->entries(true) as $vlv_search_dn => $vlv_search_attrs) {
    899. 

  899.             // Multiple indexes may exist
    900. 

  900.             $ldap_result = ldap_search($this->conn, $vlv_search_dn, '(objectclass=vlvindex)', array('*'), 0, 0, 0);
    901. 

  901.             $vlv_indexes = new rcube_ldap_result($this->conn, $ldap_result, $vlv_search_dn, '(objectclass=vlvindex)');
    902. 

  902. 

  903.             // Reset this one for each VLV search.
    904. 

  904.             $_vlv_sort = array();
    905. 

  905.             foreach ($vlv_indexes->entries(true) as $vlv_index_dn => $vlv_index_attrs) {
    906. 

  906.                 $_vlv_sort[] = explode(' ', $vlv_index_attrs['vlvsort']);
    907. 

  907.             }
    908. 

  908. 

  909.             $this->vlv_config[$vlv_search_attrs['vlvbase']] = array(
    910. 

  910.                 'scope'  => self::scopeint2str($vlv_search_attrs['vlvscope']),
    911. 

  911.                 'filter' => strtolower($vlv_search_attrs['vlvfilter']),
    912. 

  912.                 'sort'   => $_vlv_sort,
    913. 

  913.             );
    914. 

  914.         }
    915. 

  915. 

  916.         // cache this
    917. 

  917.         if ($this->cache)
    918. 

  918.             $this->cache->set('vlvconfig', $this->vlv_config);
    919. 

  919. 

  920.         $this->_debug("D: Refreshed VLV config: " . var_export($this->vlv_config, true));
    921. 

  921. 

  922.         return $this->vlv_config;
    923. 

  923.     }
    924. 

  924. 

  925.     /**
    926. 

  926.      * Generate BER encoded string for Virtual List View option
    927. 

  927.      *
    928. 

  928.      * @param integer List offset (first record)
    929. 

  929.      * @param integer Records per page
    930. 

  930.      *
    931. 

  931.      * @return string BER encoded option value
    932. 

  932.      */
    933. 

  933.     private static function _vlv_ber_encode($offset, $rpp, $search = '')
    934. 

  934.     {
    935. 

  935.         /*
    936. 

  936.             this string is ber-encoded, php will prefix this value with:
    937. 

  937.             04 (octet string) and 10 (length of 16 bytes)
    938. 

  938.             the code behind this string is broken down as follows:
    939. 

  939.             30 = ber sequence with a length of 0e (14) bytes following
    940. 

  940.             02 = type integer (in two's complement form) with 2 bytes following (beforeCount): 01 00 (ie 0)
    941. 

  941.             02 = type integer (in two's complement form) with 2 bytes following (afterCount):  01 18 (ie 25-1=24)
    942. 

  942.             a0 = type context-specific/constructed with a length of 06 (6) bytes following
    943. 

  943.             02 = type integer with 2 bytes following (offset): 01 01 (ie 1)
    944. 

  944.             02 = type integer with 2 bytes following (contentCount):  01 00
    945. 

    946. 

  946.             with a search string present:
    947. 

  947.             81 = type context-specific/constructed with a length of 04 (4) bytes following (the length will change here)
    948. 

  948.             81 indicates a user string is present where as a a0 indicates just a offset search
    949. 

  949.             81 = type context-specific/constructed with a length of 06 (6) bytes following
    950. 

    951. 

  951.             The following info was taken from the ISO/IEC 8825-1:2003 x.690 standard re: the
    952. 

  952.             encoding of integer values (note: these values are in
    953. 

  953.             two-complement form so since offset will never be negative bit 8 of the
    954. 

  954.             leftmost octet should never by set to 1):
    955. 

  955.             8.3.2: If the contents octets of an integer value encoding consist
    956. 

  956.             of more than one octet, then the bits of the first octet (rightmost)
    957. 

  957.             and bit 8 of the second (to the left of first octet) octet:
    958. 

  958.                 a) shall not all be ones; and
    959. 

  959.                 b) shall not all be zero
    960. 

  960.         */
    961. 

  961. 

  962.         if ($search) {
    963. 

  963.             $search = preg_replace('/[^-[:alpha:] ,.()0-9]+/', '', $search);
    964. 

  964.             $ber_val = self::_string2hex($search);
    965. 

  965.             $str = self::_ber_addseq($ber_val, '81');
    966. 

  966.         }
    967. 

  967.         else {
    968. 

  968.             // construct the string from right to left
    969. 

  969.             $str = "020100"; # contentCount
    970. 

  970. 

  971.             $ber_val = self::_ber_encode_int($offset);  // returns encoded integer value in hex format
    972. 

  972. 

  973.             // calculate octet length of $ber_val
    974. 

  974.             $str = self::_ber_addseq($ber_val, '02') . $str;
    975. 

  975. 

  976.             // now compute length over $str
    977. 

  977.             $str = self::_ber_addseq($str, 'a0');
    978. 

  978.         }
    979. 

  979. 

  980.         // now tack on records per page
    981. 

  981.         $str = "020100" . self::_ber_addseq(self::_ber_encode_int($rpp-1), '02') . $str;
    982. 

  982. 

  983.         // now tack on sequence identifier and length
    984. 

  984.         $str = self::_ber_addseq($str, '30');
    985. 

  985. 

  986.         return pack('H'.strlen($str), $str);
    987. 

  987.     }
    988. 

  988. 

  989.     /**
    990. 

  990.      * create ber encoding for sort control
    991. 

  991.      *
    992. 

  992.      * @param array List of cols to sort by
    993. 

  993.      * @return string BER encoded option value
    994. 

  994.      */
    995. 

  995.     private static function _sort_ber_encode($sortcols)
    996. 

  996.     {
    997. 

  997.         $str = '';
    998. 

  998.         foreach (array_reverse((array)$sortcols) as $col) {
    999. 

  999.             $ber_val = self::_string2hex($col);
    1000. 

  1000. 

  1001.             // 30 = ber sequence with a length of octet value
    1002. 

  1002.             // 04 = octet string with a length of the ascii value
    1003. 

  1003.             $oct = self::_ber_addseq($ber_val, '04');
    1004. 

  1004.             $str = self::_ber_addseq($oct, '30') . $str;
    1005. 

  1005.         }
    1006. 

  1006. 

  1007.         // now tack on sequence identifier and length
    1008. 

  1008.         $str = self::_ber_addseq($str, '30');
    1009. 

  1009. 

  1010.         return pack('H'.strlen($str), $str);
    1011. 

  1011.     }
    1012. 

  1012. 

  1013.     /**
    1014. 

  1014.      * Add BER sequence with correct length and the given identifier
    1015. 

  1015.      */
    1016. 

  1016.     private static function _ber_addseq($str, $identifier)
    1017. 

  1017.     {
    1018. 

  1018.         $len = dechex(strlen($str)/2);
    1019. 

  1019.         if (strlen($len) % 2 != 0)
    1020. 

  1020.             $len = '0'.$len;
    1021. 

  1021. 

  1022.         return $identifier . $len . $str;
    1023. 

  1023.     }
    1024. 

  1024. 

  1025.     /**
    1026. 

  1026.      * Returns BER encoded integer value in hex format
    1027. 

  1027.      */
    1028. 

  1028.     private static function _ber_encode_int($offset)
    1029. 

  1029.     {
    1030. 

  1030.         $val = dechex($offset);
    1031. 

  1031.         $prefix = '';
    1032. 

  1032. 

  1033.         // check if bit 8 of high byte is 1
    1034. 

  1034.         if (preg_match('/^[89abcdef]/', $val))
    1035. 

  1035.             $prefix = '00';
    1036. 

  1036. 

  1037.         if (strlen($val)%2 != 0)
    1038. 

  1038.             $prefix .= '0';
    1039. 

  1039. 

  1040.         return $prefix . $val;
    1041. 

  1041.     }
    1042. 

  1042. 

  1043.     /**
    1044. 

  1044.      * Returns ascii string encoded in hex
    1045. 

  1045.      */
    1046. 

  1046.     private static function _string2hex($str)
    1047. 

  1047.     {
    1048. 

  1048.         $hex = '';
    1049. 

  1049.         for ($i=0; $i < strlen($str); $i++) {
    1050. 

  1050.             $hex .= dechex(ord($str[$i]));
    1051. 

  1051.         }
    1052. 

  1052.         return $hex;
    1053. 

  1053.     }
    1054. 

  1054. 

  1055. }
    1056. 

  1056.