From e33aa2978cd0cdb596290ebb4efe1e1edefd8fa3 Mon Sep 17 00:00:00 2001 From: Klaus Leithoff Date: Wed, 23 Mar 2011 13:19:48 +0000 Subject: [PATCH] * API/Authentication: add fallback to sql for mail authentication. --- .../inc/class.auth_fallbackmail2sql.inc.php | 85 +++++++++++++++++++ setup/inc/class.setup_cmd_config.inc.php | 1 + 2 files changed, 86 insertions(+) create mode 100644 phpgwapi/inc/class.auth_fallbackmail2sql.inc.php diff --git a/phpgwapi/inc/class.auth_fallbackmail2sql.inc.php b/phpgwapi/inc/class.auth_fallbackmail2sql.inc.php new file mode 100644 index 0000000000..34e9303c20 --- /dev/null +++ b/phpgwapi/inc/class.auth_fallbackmail2sql.inc.php @@ -0,0 +1,85 @@ + + * @license http://opensource.org/licenses/lgpl-license.php LGPL - GNU Lesser General Public License + * @package api + * @subpackage authentication + * @version $Id$ + */ + +/** + * Authentication agains a mail Server with fallback to SQL + * + * For other fallback types, simply change auth backends in constructor call + */ +class auth_fallbackmail2sql implements auth_backend +{ + /** + * Primary auth backend + * + * @var auth_backend + */ + private $primary_backend; + + /** + * Fallback auth backend + * + * @var auth_backend + */ + private $fallback_backend; + + /** + * Constructor + */ + function __construct($primary='auth_mail',$fallback='auth_sql') + { + $this->primary_backend = new $primary; + + $this->fallback_backend = new $fallback; + } + + /** + * authentication against LDAP with fallback to SQL + * + * @param string $username username of account to authenticate + * @param string $passwd corresponding password + * @return boolean true if successful authenticated, false otherwise + */ + function authenticate($username, $passwd, $passwd_type='text') + { + if ($this->primary_backend->authenticate($username, $passwd, $passwd_type)) + { + egw_cache::setSession(__CLASS__,'backend_used','primary'); + return true; + } + if ($this->fallback_backend->authenticate($username,$passwd, $passwd_type)) + { + egw_cache::setSession(__CLASS__,'backend_used','fallback'); + return true; + } + return false; + } + + /** + * changes password in LDAP + * + * If $old_passwd is given, the password change is done binded as user and NOT with the + * "root" dn given in the configurations. + * + * @param string $old_passwd must be cleartext or empty to not to be checked + * @param string $new_passwd must be cleartext + * @param int $account_id account id of user whose passwd should be changed + * @return boolean true if password successful changed, false otherwise + */ + function change_password($old_passwd, $new_passwd, $account_id=0) + { + if (egw_cache::getSession(__CLASS__,'backend_used') == 'primary') + { + return false; + } + return $this->fallback_backend->change_password($old_passwd, $new_passwd, $account_id); + } +} diff --git a/setup/inc/class.setup_cmd_config.inc.php b/setup/inc/class.setup_cmd_config.inc.php index 44b1c87bc2..e7d09a840e 100644 --- a/setup/inc/class.setup_cmd_config.inc.php +++ b/setup/inc/class.setup_cmd_config.inc.php @@ -355,6 +355,7 @@ class setup_cmd_config extends setup_cmd 'ads' => 'Active Directory', 'http' => 'HTTP', 'fallback' => 'Fallback LDAP --> SQL', + 'fallbackmail2sql' => 'Fallback Mail --> SQL', 'sqlssl' => 'SQL / SSL', ); static $scan_done;