2016-09-11 02:02:37 +02:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* plugin_ldap
|
|
|
|
|
*
|
2016-09-11 17:09:54 +02:00
|
|
|
* @method ldap checks a local or remote ldap database to authenticate the user
|
2016-09-11 02:02:37 +02:00
|
|
|
*/
|
|
|
|
|
class plugin_ldap {
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Define variables and their scope
|
|
|
|
|
*/
|
|
|
|
|
public $debug;
|
|
|
|
|
public $domain_name;
|
|
|
|
|
public $username;
|
|
|
|
|
public $password;
|
|
|
|
|
public $user_uuid;
|
|
|
|
|
public $contact_uuid;
|
|
|
|
|
|
|
|
|
|
/**
|
2016-09-11 17:08:33 +02:00
|
|
|
* ldap checks a local or remote ldap database to authenticate the user
|
2016-09-11 02:02:37 +02:00
|
|
|
* @return array [authorized] => true or false
|
|
|
|
|
*/
|
|
|
|
|
function ldap() {
|
|
|
|
|
|
2023-04-18 17:36:09 +02:00
|
|
|
//show the authentication code view
|
|
|
|
|
if ($_REQUEST["username"]) {
|
|
|
|
|
|
2023-05-07 02:31:48 +02:00
|
|
|
//pre-process some settings
|
|
|
|
|
$settings['theme']['favicon'] = !empty($settings['theme']['favicon']) ? $settings['theme']['favicon'] : PROJECT_PATH.'/themes/default/favicon.ico';
|
|
|
|
|
|
2023-04-18 17:36:09 +02:00
|
|
|
//login logo source
|
|
|
|
|
if (isset($_SESSION['theme']['logo_login']['text']) && $_SESSION['theme']['logo_login']['text'] != '') {
|
|
|
|
|
$login_logo_source = $_SESSION['theme']['logo_login']['text'];
|
|
|
|
|
}
|
|
|
|
|
else if (isset($_SESSION['theme']['logo']['text']) && $_SESSION['theme']['logo']['text'] != '') {
|
|
|
|
|
$login_logo_source = $_SESSION['theme']['logo']['text'];
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$login_logo_source = PROJECT_PATH.'/themes/default/images/logo_login.png';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//login logo dimensions
|
|
|
|
|
if (isset($_SESSION['theme']['login_logo_width']['text']) && $_SESSION['theme']['login_logo_width']['text'] != '') {
|
|
|
|
|
$login_logo_width = $_SESSION['theme']['login_logo_width']['text'];
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$login_logo_width = 'auto; max-width: 300px';
|
|
|
|
|
}
|
|
|
|
|
if (isset($_SESSION['theme']['login_logo_height']['text']) && $_SESSION['theme']['login_logo_height']['text'] != '') {
|
|
|
|
|
$login_logo_height = $_SESSION['theme']['login_logo_height']['text'];
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$login_logo_height = 'auto; max-height: 300px';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//get the domain
|
|
|
|
|
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
|
|
|
|
|
$domain_name = $domain_array[0];
|
|
|
|
|
|
|
|
|
|
//temp directory
|
|
|
|
|
$_SESSION['server']['temp']['dir'] = '/tmp';
|
|
|
|
|
|
|
|
|
|
//create token
|
|
|
|
|
//$object = new token;
|
|
|
|
|
//$token = $object->create('login');
|
|
|
|
|
|
|
|
|
|
//add multi-lingual support
|
|
|
|
|
$language = new text;
|
|
|
|
|
$text = $language->get(null, '/core/authentication');
|
|
|
|
|
|
|
|
|
|
//initialize a template object
|
|
|
|
|
$view = new template();
|
|
|
|
|
$view->engine = 'smarty';
|
|
|
|
|
$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
|
|
|
|
|
$view->cache_dir = $_SESSION['server']['temp']['dir'];
|
|
|
|
|
$view->init();
|
|
|
|
|
|
|
|
|
|
//add translations
|
|
|
|
|
$view->assign("login_title", $text['button-login']);
|
|
|
|
|
$view->assign("label_username", $text['label-username']);
|
|
|
|
|
$view->assign("label_password", $text['label-password']);
|
|
|
|
|
$view->assign("button_login", $text['button-login']);
|
|
|
|
|
|
|
|
|
|
//assign default values to the template
|
|
|
|
|
$view->assign("login_destination_url", $login_destination_url);
|
|
|
|
|
$view->assign("login_logo_width", $login_logo_width);
|
|
|
|
|
$view->assign("login_logo_height", $login_logo_height);
|
|
|
|
|
$view->assign("login_logo_source", $login_logo_source);
|
2023-05-07 02:31:48 +02:00
|
|
|
$view->assign("favicon", $settings['theme']['favicon']);
|
2023-04-18 17:36:09 +02:00
|
|
|
|
|
|
|
|
//add the token name and hash to the view
|
|
|
|
|
//$view->assign("token_name", $token['name']);
|
|
|
|
|
//$view->assign("token_hash", $token['hash']);
|
|
|
|
|
|
|
|
|
|
//show the views
|
|
|
|
|
$content = $view->render('login.htm');
|
|
|
|
|
echo $content;
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-11 02:02:37 +02:00
|
|
|
//use ldap to validate the user credentials
|
|
|
|
|
if (isset($_SESSION["ldap"]["certpath"])) {
|
|
|
|
|
$s = "LDAPTLS_CERT=" . $_SESSION["ldap"]["certpath"]["text"];
|
|
|
|
|
putenv($s);
|
|
|
|
|
}
|
|
|
|
|
if (isset($_SESSION["ldap"]["certkey"])) {
|
|
|
|
|
$s = "LDAPTLS_KEY=" . $_SESSION["ldap"]["certkey"]["text"];
|
|
|
|
|
putenv($s);
|
|
|
|
|
}
|
|
|
|
|
$host = $_SESSION["ldap"]["server_host"]["text"];
|
|
|
|
|
$port = $_SESSION["ldap"]["server_port"]["numeric"];
|
2019-09-02 23:57:18 +02:00
|
|
|
$connect = ldap_connect($host, $port)
|
2016-09-11 02:02:37 +02:00
|
|
|
or die("Could not connect to the LDAP server.");
|
|
|
|
|
//ldap_set_option($connect, LDAP_OPT_NETWORK_TIMEOUT, 10);
|
|
|
|
|
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
|
|
|
|
|
//ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
|
2016-10-31 18:01:52 +01:00
|
|
|
|
2019-09-02 23:57:18 +02:00
|
|
|
//set the default status
|
2016-10-31 18:01:52 +01:00
|
|
|
$user_authorized = false;
|
|
|
|
|
|
|
|
|
|
//provide backwards compatability
|
2023-05-05 18:46:37 +02:00
|
|
|
if (!empty($_SESSION["ldap"]["user_dn"]["text"])) {
|
2016-10-31 18:01:52 +01:00
|
|
|
$_SESSION["ldap"]["user_dn"][] = $_SESSION["ldap"]["user_dn"]["text"];
|
2016-09-11 02:02:37 +02:00
|
|
|
}
|
2016-10-31 18:01:52 +01:00
|
|
|
|
|
|
|
|
//check all user_dn in the array
|
|
|
|
|
foreach ($_SESSION["ldap"]["user_dn"] as $user_dn) {
|
|
|
|
|
$bind_dn = $_SESSION["ldap"]["user_attribute"]["text"]."=".$this->username.",".$user_dn;
|
|
|
|
|
$bind_pw = $this->password;
|
|
|
|
|
//Note: As of 4/16, the call below will fail randomly. PHP debug reports ldap_bind
|
|
|
|
|
//called below with all arguments '*uninitialized*'. However, the debugger
|
|
|
|
|
//single-stepping just before the failing call correctly displays all the values.
|
2023-05-05 18:46:37 +02:00
|
|
|
if (!empty($bind_pw)) {
|
2016-11-02 07:16:30 +01:00
|
|
|
$bind = ldap_bind($connect, $bind_dn, $bind_pw);
|
|
|
|
|
if ($bind) {
|
|
|
|
|
//connected and authorized
|
|
|
|
|
$user_authorized = true;
|
2017-04-20 18:28:53 +02:00
|
|
|
break;
|
2016-11-02 07:16:30 +01:00
|
|
|
}
|
2016-10-31 18:01:52 +01:00
|
|
|
}
|
2016-09-11 02:02:37 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//check to see if the user exists
|
|
|
|
|
if ($user_authorized) {
|
|
|
|
|
$sql = "select * from v_users ";
|
2019-09-02 23:57:18 +02:00
|
|
|
$sql .= "where username = :username ";
|
2019-07-29 18:33:27 +02:00
|
|
|
if ($_SESSION["users"]["unique"]["text"] != "global") {
|
2019-09-02 23:57:18 +02:00
|
|
|
//unique username per domain (not globally unique across system - example: email address)
|
|
|
|
|
$sql .= "and domain_uuid = :domain_uuid ";
|
|
|
|
|
$parameters['domain_uuid'] = $this->domain_uuid;
|
2016-09-11 02:02:37 +02:00
|
|
|
}
|
2019-09-02 23:57:18 +02:00
|
|
|
$parameters['username'] = $this->username;
|
|
|
|
|
$database = new database;
|
|
|
|
|
$row = $database->select($sql, $parameters, 'row');
|
|
|
|
|
if (is_array($row) && @sizeof($row) != 0) {
|
|
|
|
|
if ($_SESSION["users"]["unique"]["text"] == "global" && $row["domain_uuid"] != $this->domain_uuid) {
|
|
|
|
|
//get the domain uuid
|
|
|
|
|
$this->domain_uuid = $row["domain_uuid"];
|
|
|
|
|
$this->domain_name = $_SESSION['domains'][$this->domain_uuid]['domain_name'];
|
|
|
|
|
|
|
|
|
|
//set the domain session variables
|
|
|
|
|
$_SESSION["domain_uuid"] = $this->domain_uuid;
|
|
|
|
|
$_SESSION["domain_name"] = $this->domain_name;
|
|
|
|
|
|
|
|
|
|
//set the setting arrays
|
|
|
|
|
$domain = new domains();
|
|
|
|
|
$domain->set();
|
2016-09-11 02:02:37 +02:00
|
|
|
}
|
2019-09-02 23:57:18 +02:00
|
|
|
$this->user_uuid = $row["user_uuid"];
|
|
|
|
|
$this->contact_uuid = $row["contact_uuid"];
|
2016-09-11 02:02:37 +02:00
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
//salt used with the password to create a one way hash
|
|
|
|
|
$salt = generate_password('32', '4');
|
|
|
|
|
$password = generate_password('32', '4');
|
|
|
|
|
|
|
|
|
|
//prepare the uuids
|
|
|
|
|
$this->user_uuid = uuid();
|
|
|
|
|
$this->contact_uuid = uuid();
|
|
|
|
|
|
2019-09-02 23:57:18 +02:00
|
|
|
//build user insert array
|
|
|
|
|
$array['users'][0]['user_uuid'] = $this->user_uuid;
|
|
|
|
|
$array['users'][0]['domain_uuid'] = $this->domain_uuid;
|
|
|
|
|
$array['users'][0]['contact_uuid'] = $this->contact_uuid;
|
|
|
|
|
$array['users'][0]['username'] = strtolower($this->username);
|
|
|
|
|
$array['users'][0]['password'] = md5($salt.$password);
|
|
|
|
|
$array['users'][0]['salt'] = $salt;
|
|
|
|
|
$array['users'][0]['add_date'] = now();
|
|
|
|
|
$array['users'][0]['add_user'] = strtolower($this->username);
|
|
|
|
|
$array['users'][0]['user_enabled'] = 'true';
|
|
|
|
|
|
|
|
|
|
//build user group insert array
|
|
|
|
|
$array['user_groups'][0]['user_group_uuid'] = uuid();
|
|
|
|
|
$array['user_groups'][0]['domain_uuid'] = $this->domain_uuid;
|
|
|
|
|
$array['user_groups'][0]['group_name'] = 'user';
|
|
|
|
|
$array['user_groups'][0]['user_uuid'] = $this->user_uuid;
|
|
|
|
|
|
|
|
|
|
//grant temporary permissions
|
|
|
|
|
$p = new permissions;
|
|
|
|
|
$p->add('user_add', 'temp');
|
|
|
|
|
$p->add('user_group_add', 'temp');
|
|
|
|
|
|
|
|
|
|
//execute insert
|
|
|
|
|
$database = new database;
|
|
|
|
|
$database->app_name = 'authentication';
|
|
|
|
|
$database->app_uuid = 'a8a12918-69a4-4ece-a1ae-3932be0e41f1';
|
|
|
|
|
$database->save($array);
|
|
|
|
|
unset($array);
|
|
|
|
|
|
|
|
|
|
//revoke temporary permissions
|
|
|
|
|
$p->delete('user_add', 'temp');
|
|
|
|
|
$p->delete('user_group_add', 'temp');
|
2016-09-11 02:02:37 +02:00
|
|
|
}
|
2019-09-02 23:57:18 +02:00
|
|
|
unset($sql, $parameters, $row);
|
2016-09-11 02:02:37 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//result array
|
2023-04-16 09:10:39 +02:00
|
|
|
$result["ldap"]["plugin"] = "ldap";
|
|
|
|
|
$result["ldap"]["domain_name"] = $this->domain_name;
|
|
|
|
|
$result["ldap"]["username"] = $this->username;
|
2016-09-11 02:02:37 +02:00
|
|
|
if ($this->debug) {
|
2023-04-16 09:10:39 +02:00
|
|
|
$result["ldap"]["password"] = $this->password;
|
2016-09-11 02:02:37 +02:00
|
|
|
}
|
2023-04-16 09:10:39 +02:00
|
|
|
$result["ldap"]["user_uuid"] = $this->user_uuid;
|
|
|
|
|
$result["ldap"]["domain_uuid"] = $this->domain_uuid;
|
|
|
|
|
$result["ldap"]["authorized"] = $user_authorized ? true : false;
|
2016-09-11 02:02:37 +02:00
|
|
|
return $result;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-04-18 17:36:09 +02:00
|
|
|
?>
|
