Update id2name/name2/id/get_type, and add modified auth class for ldap_wip

Miles Lott 2001-06-09 21:05:42 +00:00
parent 9755a6d6a7
commit 6d81baf960
2 changed files with 208 additions and 71 deletions


@ -28,7 +28,7 @@
// This is where it belongs (jengo) // This is where it belongs (jengo)
// This is where it ended up (milosch) // This is where it ended up (milosch)
/* Since LDAP will return system accounts, there are a few we don't want to login. */ /* Since LDAP will return system accounts, there are a few we don't want to login. */
$phpgw_info["server"]["global_denied_users"] = array( $phpgw_info['server']['global_denied_users'] = array(
'root' => True, 'bin' => True, 'daemon' => True, 'root' => True, 'bin' => True, 'daemon' => True,
'adm' => True, 'lp' => True, 'sync' => True, 'adm' => True, 'lp' => True, 'sync' => True,
'shutdown' => True, 'halt' => True, 'ldap' => True, 'shutdown' => True, 'halt' => True, 'ldap' => True,
@ -46,7 +46,7 @@
'ident' => True, 'mailnull' => True 'ident' => True, 'mailnull' => True
); );
$phpgw_info["server"]["global_denied_groups"] = array( $phpgw_info['server']['global_denied_groups'] = array(
'root' => True, 'bin' => True, 'daemon' => True, 'root' => True, 'bin' => True, 'daemon' => True,
'sys' => True, 'adm' => True, 'tty' => True, 'sys' => True, 'adm' => True, 'tty' => True,
'disk' => True, 'lp' => True, 'mem' => True, 'disk' => True, 'lp' => True, 'mem' => True,
@ -68,6 +68,7 @@
var $account_id; var $account_id;
var $acct_type = ''; var $acct_type = '';
var $data; var $data;
var $total;
function accounts_() function accounts_()
{ {
@ -114,12 +115,12 @@
$this->data["loginshell"] = $allValues[0]["loginshell"][0]; $this->data["loginshell"] = $allValues[0]["loginshell"][0];
} }
$this->data['lastlogin'] = $allValues[0]['phpgwlastlogin'][0]; $this->data['lastlogin'] = $allValues[0]['phpgwaccountlastlogin'][0];
$this->data['lastloginfrom'] = $allValues[0]['phpgwlastloginfrom'][0]; $this->data['lastloginfrom'] = $allValues[0]['phpgwaccountlastloginfrom'][0];
$this->data['lastpasswd_change'] = $allValues[0]['phpgwlastpasswdchange'][0]; $this->data['lastpasswd_change'] = $allValues[0]['phpgwlastpasswdchange'][0];
$this->data['status'] = $allValues[0]['phpgwaccountstatus'][0]; $this->data['status'] = $allValues[0]['phpgwaccountstatus'][0];
$this->data['type'] = $allValues[0]['phpgwaccounttype'][0]; $this->data['type'] = $allValues[0]['phpgwaccounttype'][0];
$this->data['expires'] = $allValues[0]['phpgwexpires'][0]; $this->data['expires'] = $allValues[0]['phpgwaccountexpires'][0];
return $this->data; return $this->data;
} }
@ -145,12 +146,12 @@
$entry['cn'] = sprintf("%s %s", $this->data['firstname'], $this->data['lastname']); $entry['cn'] = sprintf("%s %s", $this->data['firstname'], $this->data['lastname']);
$entry['sn'] = $this->data['lastname']; $entry['sn'] = $this->data['lastname'];
$entry['givenname'] = $this->data['firstname']; $entry['givenname'] = $this->data['firstname'];
$entry['phpgwlastlogin'] = $this->data['lastlogin']; $entry['phpgwaccountlastlogin'] = $this->data['lastlogin'];
$entry['phpgwlastloginfrom'] = $this->data['lastloginfrom']; $entry['phpgwaccountlastloginfrom'] = $this->data['lastloginfrom'];
$entry['phpgwlastpasswdchange'] = $this->data['lastpasswd_change']; $entry['phpgwlastpasswdchange'] = $this->data['lastpasswd_change'];
$entry['phpgwaccountstatus'] = $this->data['status']; $entry['phpgwaccountstatus'] = $this->data['status'];
$entry['phpgwaccounttype'] = $this->data['type']; $entry['phpgwaccounttype'] = $this->data['type'];
$entry['phpgwexpires'] = $this->data['expires']; $entry['phpgwaccountexpires'] = $this->data['expires'];
if ($phpgw_info["server"]["ldap_extra_attributes"]) if ($phpgw_info["server"]["ldap_extra_attributes"])
{ {
@ -229,6 +230,7 @@
//$entry["objectclass"][4] = 'account'; Causes problems with some LDAP servers //$entry["objectclass"][4] = 'account'; Causes problems with some LDAP servers
$entry["objectclass"][4] = 'posixAccount'; $entry["objectclass"][4] = 'posixAccount';
$entry["objectclass"][5] = 'shadowAccount'; $entry["objectclass"][5] = 'shadowAccount';
$entry["objectclass"][6] = 'phpgwAccount';
if ($phpgw_info["server"]["ldap_extra_attributes"]) if ($phpgw_info["server"]["ldap_extra_attributes"])
{ {
@ -369,37 +371,45 @@
if ($_type == 'both' || $_type == 'accounts') if ($_type == 'both' || $_type == 'accounts')
{ {
$sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], '|((uidnumber=*)(phpgwaccounttype=u))'); $sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], '(&(uidnumber=*)(phpgwaccounttype=u))');
$allValues = ldap_get_entries($ds, $sri); $allValues = ldap_get_entries($ds, $sri);
while ($allVals = @each($allValues)) while (list($null,$allVals) = @each($allValues))
{ {
$accounts[] = Array( $test = $allVals['uid'][0];
'account_id' => $allVals['uidnumber'][0], if (!$phpgw_info['server']['global_denied_users'][$test])
'account_lid' => $allVals['uid'][0], {
'account_type' => $allVals['phpgwaccounttype'], $accounts[] = Array(
'account_firstname' => $allVals['givenname'][0], 'account_id' => $allVals['uidnumber'][0],
'account_lastname' => $allVals['sn'][0], 'account_lid' => $allVals['uid'][0],
'account_status' => $allVals['phpgwaccountstatus'][0] 'account_type' => $allVals['phpgwaccounttype'],
); 'account_firstname' => $allVals['givenname'][0],
'account_lastname' => $allVals['sn'][0],
'account_status' => $allVals['phpgwaccountstatus'][0]
);
}
} }
} }
elseif ($_type == 'both' || $_type == 'groups') elseif ($_type == 'both' || $_type == 'groups')
{ {
$sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], '|((gidnumber=*)(phpgwaccounttype=g))'); $sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], '(|(gidnumber=*)(phpgwaccounttype=g))');
$allValues = ldap_get_entries($ds, $sri); $allValues = ldap_get_entries($ds, $sri);
while ($allVals = @each($allValues)) while (list($null,$allVals) = @each($allValues))
{ {
$accounts[] = Array( $test = $allVals['cn'][0];
'account_id' => $allVals['gidnumber'][0], if (!$phpgw_info['server']['global_denied_groups'][$test])
'account_lid' => $allVals['uid'][0], {
'account_type' => $allVals['phpgwaccounttype'], $accounts[] = Array(
'account_firstname' => $allVals['givenname'][0], 'account_id' => $allVals['gidnumber'][0],
'account_lastname' => $allVals['sn'][0], 'account_lid' => $allVals['cn'][0],
'account_status' => $allVals['phpgwaccountstatus'][0] 'account_type' => $allVals['phpgwaccounttype'],
); 'account_firstname' => $allVals['givenname'][0],
'account_lastname' => $allVals['sn'][0],
'account_status' => $allVals['phpgwaccountstatus'][0]
);
}
} }
} }
$this->total = count($accounts);
return $accounts; return $accounts;
} }
@ -407,33 +417,48 @@
{ {
global $phpgw, $phpgw_info; global $phpgw, $phpgw_info;
$this->db->query("SELECT account_id FROM phpgw_accounts WHERE account_lid='".$account_lid."'",__LINE__,__FILE__); $ds = $phpgw->common->ldapConnect();
$sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], "uid=$account_lid");
if($this->db->num_rows()) $allValues = ldap_get_entries($ds, $sri);
if ($allValues[0]['uidnumber'][0])
{ {
$this->db->next_record(); return $allValues[0]['uidnumber'][0];
return intval($this->db->f('account_id')); }
}
else $sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], "cn=$account_id");
$allValues = ldap_get_entries($ds, $sri);
if ($allValues[0]['gidnumber'][0])
{ {
return False; return $allValues[0]['gidnumber'][0];
} }
return False;
} }
function id2name($account_id) function id2name($account_id)
{ {
global $phpgw, $phpgw_info; global $phpgw, $phpgw_info;
$this->db->query("SELECT account_lid FROM phpgw_accounts WHERE account_id='".$account_id."'",__LINE__,__FILE__); $ds = $phpgw->common->ldapConnect();
if($this->db->num_rows()) $sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], "uidnumber=$account_id");
$allValues = ldap_get_entries($ds, $sri);
if ($allValues[0]['uid'][0])
{ {
$this->db->next_record(); return $allValues[0]['uid'][0];
return $this->db->f('account_lid');
} }
else
$sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], "gidnumber=$account_id");
$allValues = ldap_get_entries($ds, $sri);
if ($allValues[0]['uid'][0])
{ {
return False; return $allValues[0]['uid'][0];
} }
return False;
} }
function get_type($accountid = '') function get_type($accountid = '')
@ -441,16 +466,27 @@
global $phpgw, $phpgw_info; global $phpgw, $phpgw_info;
$account_id = get_account_id($accountid); $account_id = get_account_id($accountid);
$this->db->query("SELECT account_type FROM phpgw_accounts WHERE account_id='".$account_id."'",__LINE__,__FILE__); $ds = $phpgw->common->ldapConnect();
if ($this->db->num_rows())
$sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], "uid=$account_id");
$allValues = ldap_get_entries($ds, $sri);
if ($allValues[0]['phpgwaccounttype'][0])
{ {
$this->db->next_record(); return $allValues[0]['phpgwaccounttype'][0];
return $this->db->f("account_type");
} }
else
$allValues = array*();
$sri = ldap_search($ds, $phpgw_info["server"]["ldap_group_context"], "cn=$account_id");
$allValues = ldap_get_entries($ds, $sri);
if ($allValues[0]['phpgwaccounttype'][0])
{ {
return False; return $allValues[0]['phpgwaccounttype'][0];
} }
return False;
} }
function exists($account_lid) function exists($account_lid)
@ -525,12 +561,12 @@
//echo '<br>using'.$account_id;exit; //echo '<br>using'.$account_id;exit;
} }
$entry['userpasswd'] = $account_info['passwd']; $entry['userpasswd'] = $account_info['passwd'];
$entry['phpgwlastlogin'] = $account_info['lastlogin']; $entry['phpgwaccountlastlogin'] = $account_info['lastlogin'];
$entry['phpgwlastloginfrom'] = $account_info['lastloginfrom']; $entry['phpgwaccountlastloginfrom'] = $account_info['lastloginfrom'];
$entry['phpgwlastpasswdchange'] = $account_info['lastpasswd_change']; $entry['phpgwlastpasswdchange'] = $account_info['lastpasswd_change'];
$entry['phpgwaccountstatus'] = $account_info['status']; $entry['phpgwaccountstatus'] = $account_info['status'];
$entry['phpgwaccounttype'] = $account_info['type']; $entry['phpgwaccounttype'] = $account_info['type'];
$entry['phpgwexpires'] = $account_info['expires']; $entry['phpgwaccountexpires'] = $account_info['expires'];
if ($account_type == "g") if ($account_type == "g")
{ {
@ -603,14 +639,15 @@
$tmpentry["objectclass"][3] = 'inetOrgPerson'; $tmpentry["objectclass"][3] = 'inetOrgPerson';
$tmpentry["userpassword"] = $phpgw->common->encrypt_password($account_info['passwd']); $tmpentry["userpassword"] = $phpgw->common->encrypt_password($account_info['passwd']);
//$tmpentry["objectclass"][4] = 'account'; Causes problems with some LDAP servers //$tmpentry["objectclass"][4] = 'account'; Causes problems with some LDAP servers
$tmpentry["objectclass"][5] = 'posixAccount'; $tmpentry["objectclass"][4] = 'posixAccount';
$tmpentry["objectclass"][6] = 'shadowAccount'; $tmpentry["objectclass"][5] = 'shadowAccount';
$tmpentry['phpgwlastlogin'] = $account_info['lastlogin']; $tmpentry["objectclass"][6] = 'phpgwAccount';
$tmpentry['phpgwlastloginfrom'] = $account_info['lastloginfrom']; $tmpentry['phpgwaccountlastlogin'] = $account_info['lastlogin'];
$tmpentry['phpgwaccountlastloginfrom'] = $account_info['lastloginfrom'];
$tmpentry['phpgwlastpasswdchange'] = $account_info['lastpasswd_change']; $tmpentry['phpgwlastpasswdchange'] = $account_info['lastpasswd_change'];
$tmpentry['phpgwaccountstatus'] = $account_info['status']; $tmpentry['phpgwaccountstatus'] = $account_info['status'];
$tmpentry['phpgwaccounttype'] = $account_info['account_type']; $tmpentry['phpgwaccounttype'] = $account_info['account_type'];
$tmpentry['phpgwexpires'] = $account_info['expires']; $tmpentry['phpgwaccountexpires'] = $account_info['expires'];
} }
ldap_modify($ds, $allValues[0]["dn"], $tmpentry); ldap_modify($ds, $allValues[0]["dn"], $tmpentry);
} }
@ -653,20 +690,9 @@
//$entry["objectclass"][4] = 'account'; Causes problems with some LDAP servers //$entry["objectclass"][4] = 'account'; Causes problems with some LDAP servers
$entry["objectclass"][4] = 'posixAccount'; $entry["objectclass"][4] = 'posixAccount';
$entry["objectclass"][5] = 'shadowAccount'; $entry["objectclass"][5] = 'shadowAccount';
$entry["objectclass"][5] = 'phpgwAccount';
} }
/*
echo '<br>dn: '.$dn;
while (list($key,$val) = each($entry)) {
if (is_array($val)) {
for ($i=0;$i<count($val);$i++) {
if ($val[$i]) { echo "<br>\nline ".$key.': '.$val[$i]; }
}
} else {
if ($val) { echo '<br>line '.$key.': '.$val; }
}
}
//exit;
*/
ldap_add($ds, $dn, $entry); ldap_add($ds, $dn, $entry);
} }
//print ldap_error($ds); //print ldap_error($ds);
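Review bot: The new lookups in the `@ -407,33 +417,48 @` and `@ -441,16 +466,27 @` hunks build LDAP search filters by interpolating the argument directly (`"uid=$account_lid"`, `"uidnumber=$account_id"`, `"cn=$account_id"`), so a value containing filter metacharacters (`*`, `(`, `)`, `\`) changes which entry is matched instead of being compared literally. Escape string values before they reach the filter, e.g. `'uid=' . ldap_escape($account_lid, '', LDAP_ESCAPE_FILTER)` where the PHP version provides it (otherwise an equivalent helper that hex-escapes those characters), and cast numeric ids with `intval($account_id)`. The same pattern appears in `authenticate`, `change_password` and `update_lastlogin` of the auth class added by this commit, where `authenticate` puts the login name straight into `'uid='.$username`. Separately, in the first of these functions (its signature is outside the hunk) the group search uses `$account_id` although the removed query used `$account_lid`, and `$allValues = array*();` in `get_type` will not parse.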


@ -0,0 +1,111 @@
<?php
/**************************************************************************\
* phpGroupWare API - Auth from LDAP *
* This file written by Lars Kneschke <kneschke@phpgroupware.org> *
* and Joseph Engo <jengo@phpgroupware.org> *
* Authentication based on LDAP Server *
* Copyright (C) 2000, 2001 Joseph Engo *
* -------------------------------------------------------------------------*
* This library is part of the phpGroupWare API *
* http://www.phpgroupware.org/api *
* ------------------------------------------------------------------------ *
* This library is free software; you can redistribute it and/or modify it *
* under the terms of the GNU Lesser General Public License as published by *
* the Free Software Foundation; either version 2.1 of the License, *
* or any later version. *
* This library is distributed in the hope that it will be useful, but *
* WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
* See the GNU Lesser General Public License for more details. *
* You should have received a copy of the GNU Lesser General Public License *
* along with this library; if not, write to the Free Software Foundation, *
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
\**************************************************************************/
/* $Id$ */
class auth
{
var $previous_login = -1;
function authenticate($username, $passwd)
{
global $phpgw_info, $phpgw;
// error_reporting MUST be set to zero, otherwise you'll get nasty LDAP errors with a bad login/pass...
// these are just "warnings" and can be ignored.....
error_reporting(0);
$ldap = ldap_connect($phpgw_info['server']['ldap_host']);
// find the dn for this uid, the uid is not always in the dn
$sri = ldap_search($ldap, $phpgw_info['server']['ldap_context'], 'uid='.$username);
$allValues = ldap_get_entries($ldap, $sri);
if ($allValues['count'] > 0)
{
// we only care about the first dn
$userDN = $allValues[0]['dn'];
// generate a bogus password to pass if the user doesn't give us one
// this gets around systems that are anonymous search enabled
if (empty($passwd))
{
$passwd = crypt(microtime());
}
// try to bind as the user with user suplied password
if (ldap_bind($ldap,$userDN, $passwd))
{
return True;
}
}
// Turn error reporting back to normal
error_reporting(7);
// dn not found or password wrong
return False;
}
function change_password($old_passwd, $new_passwd, $_account_id='')
{
global $phpgw_info, $phpgw;
if ($_account_id == '')
{
$_account_id = $phpgw_info['user']['account_id'];
}
$ds = $phpgw->common->ldapConnect();
$sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], 'uidnumber=' . $_account_id);
$allValues = ldap_get_entries($ds, $sri);
$entry['userpassword'] = $phpgw->common->encrypt_password($new_passwd);
$dn = $allValues[0]["dn"];
if (!@ldap_modify($ds, $dn, $entry))
{
return false;
}
$phpgw->session->appsession('password','phpgwapi',$new_passwd);
return $encrypted_passwd;
}
function update_lastlogin($_account_id, $ip)
{
global $phpgw_info, $phpgw;
$entry['phpgwaccountlastlogin'] = time();
$entry['phpgwaccountlastloginfrom'] = $ip;
$ds = $phpgw->common->ldapConnect();
$sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], 'uidnumber=' . $_account_id);
$allValues = ldap_get_entries($ds, $sri);
$dn = $allValues[0]['dn'];
$this->previous_login = $allValues[0]['phpgwaccountlastlogin'][0];
@ldap_modify($ds, $dn, $entry);
}
}
?>
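Review bot: `change_password` returns `$encrypted_passwd`, which is never assigned in the function, so a successful change returns null and a caller testing the result loosely cannot tell it from the `false` failure path; assign it once, `$encrypted_passwd = $phpgw->common->encrypt_password($new_passwd);`, and use it for `$entry['userpassword']`. `$old_passwd` is not read anywhere in the visible body, and `$allValues[0]["dn"]` is used without checking that the search matched, so the check that the caller may change this account has to happen elsewhere, which is worth a comment stating where. The function also keeps the new password in clear text in the session via `appsession('password','phpgwapi',$new_passwd)`, which deserves a comment on why it is needed. In `authenticate`, the `return True;` path skips `error_reporting(7)`, leaving error reporting disabled for the rest of the request after a successful login.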